21 CFR 1311.105 - Requirements for obtaining an authentication credential - Individual practitioners.
(1) A credential service provider that has been approved by the General Services Administration Office of Technology Strategy/Division of Identity Management to conduct identity proofing that meets the requirements of Assurance Level 3 or above as specified in NIST SP 800-63-1 as incorporated by reference in § 1311.08.
(2) For digital certificates, a certification authority that is cross-certified with the Federal Bridge certification authority and that operates at a Federal Bridge Certification Authority basic assurance level or above.
(b) The practitioner must submit identity proofing information to the credential service provider or certification authority as specified by the credential service provider or certification authority.
(c) The credential service provider or certification authority must issue the authentication credential using two channels (e.g., e-mail, mail, or telephone call). If one of the factors used in the authentication protocol is a biometric, or if the practitioner has a hard token that is being enabled to sign controlled substances prescriptions, the credential service provider or certification authority must issue two pieces of information used to generate or activate the authentication credential using two channels.
- 21 CFR 1311.110 — Requirements for Obtaining an Authentication Credential - Individual Practitioners Eligible to Use an Electronic Prescription Application of an Institutional Practitioner.
- 21 CFR 1311.08 — Incorporation by Reference.
- 21 CFR 1311.125 — Requirements for Establishing Logical Access Control - Individual Practitioner.
- 21 CFR 1311.145 — Digitally Signing the Prescription With the Individual Practitioner's Private Key.