21 C.F.R. § 1311.30 Requirements for storing and using a private key for digitally signing orders.
Title 21 - Food and Drugs
(a) Only the certificate holder may access or use his or her digital certificate and private key. (b) The certificate holder must provide FIPS-approved secure storage for the private key, as discussed by FIPS 140–2, 180–2, 186–2, and accompanying change notices and annexes, as incorporated by reference in §1311.08. (c) A certificate holder must ensure that no one else uses the private key. While the private key is activated, the certificate holder must prevent unauthorized use of that private key. (d) A certificate holder must not make back-up copies of the private key. (e) The certificate holder must report the loss, theft, or compromise of the private key or the password, via a revocation request, to the Certification Authority within 24 hours of substantiation of the loss, theft, or compromise. Upon receipt and verification of a signed revocation request, the Certification Authority will revoke the certificate. The certificate holder must apply for a new certificate under the requirements of §1311.25.
Title 21: Food and Drugs
PART 1311—Digital Certificates
Subpart B—Obtaining and Using Digital Certificates for Electronic Orders
§ 1311.30 Requirements for storing and using a private key for digitally signing orders.
