21 CFR 1311.115 - Additional requirements for two-factor authentication.

§ 1311.115 Additional requirements for two-factor authentication.
(a) To sign a controlled substance prescription, the electronic prescription application must require the practitioner to authenticate to the application using an authentication protocol that uses two of the following three factors:
(1) Something only the practitioner knows, such as a password or response to a challenge question.
(2) Something the practitioner is, biometric data such as a fingerprint or iris scan.
(3) Something the practitioner has, a device (hard token) separate from the computer to which the practitioner is gaining access.
(b) If one factor is a hard token, it must be separate from the computer to which it is gaining access and must meet at least the criteria of FIPS 140-2 Security Level 1, as incorporated by reference in § 1311.08, for cryptographic modules or one-time-password devices.
(c) If one factor is a biometric, the biometric subsystem must comply with the requirements of § 1311.116.

Title 21 published on 2014-04-01

no entries appear in the Federal Register after this date.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code