21 CFR 1311.30 - Requirements for storing and using a private key for digitally signing orders.
(b) The certificate holder must provide FIPS-approved secure storage for the private key, as discussed by FIPS 140-2, 180-2, 186-2, and accompanying change notices and annexes, as incorporated by reference in § 1311.08.
(c) A certificate holder must ensure that no one else uses the private key. While the private key is activated, the certificate holder must prevent unauthorized use of that private key.
(e) The certificate holder must report the loss, theft, or compromise of the private key or the password, via a revocation request, to the Certification Authority within 24 hours of substantiation of the loss, theft, or compromise. Upon receipt and verification of a signed revocation request, the Certification Authority will revoke the certificate. The certificate holder must apply for a new certificate under the requirements of § 1311.25.
Title 21 published on 2014-04-01
no entries appear in the Federal Register after this date.