21 CFR 1311.115 - Additional requirements for two-factor authentication.

§ 1311.115 Additional requirements for two-factor authentication.

(a) To sign a controlled substance prescription, the electronic prescription application must require the practitioner to authenticate to the application using an authentication protocol that uses two of the following three factors:

(1) Something only the practitioner knows, such as a password or response to a challenge question.

(2) Something the practitioner is, biometric data such as a fingerprint or iris scan.

(3) Something the practitioner has, a device (hard token) separate from the computer to which the practitioner is gaining access.

(b) If one factor is a hard token, it must be separate from the computer to which it is gaining access and must meet at least the criteria of FIPS 140-2 Security Level 1, as incorporated by reference in § 1311.08, for cryptographic modules or one-time-password devices.

(c) If one factor is a biometric, the biometric subsystem must comply with the requirements of § 1311.116.

This is a list of United States Code sections, Statutes at Large, Public Laws, and Presidential Documents, which provide rulemaking authority for this CFR Part.

This list is taken from the Parallel Table of Authorities and Rules provided by GPO [Government Printing Office].

It is not guaranteed to be accurate or up-to-date, though we do refresh the database weekly. More limitations on accuracy are described at the GPO site.


United States Code

Title 21 published on 10-May-2017 03:43

The following are ALL rules, proposed rules, and notices (chronologically) published in the Federal Register relating to 21 CFR Part 1311 after this date.

  • 2017-03-21; vol. 82 # 53 - Tuesday, March 21, 2017
    1. 82 FR 14490 - Program To Hire Special Assistant United States Attorneys in Targeted Federal Judicial Districts Utilizing Diversion Control Fee Account Funds
      GPO FDSys XML | Text
      DEPARTMENT OF JUSTICE, Drug Enforcement Administration
      Notice of proposed rulemaking.
      Electronic comments must be submitted, and written comments must be postmarked, on or before April 20, 2017. Commenters should be aware that the electronic Federal Docket Management System will not accept comments after 11:59 p.m. Eastern Time on the last day of the comment period.
      21 CFR Parts 1301 and 1311