§ 1311.105. Requirements for obtaining an authentication credential—Individual practitioners.
195 words·~1 min read·
/us/cfr/t21/s§ 1311.105·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
(a)An individual practitioner must obtain a two-factor authentication credential from one of the following:
(1)A credential service provider that has been approved by the General Services Administration Office of Technology Strategy/Division of Identity Management to conduct identity proofing that meets the requirements of Assurance Level 3 or above as specified in NIST SP 800-63-1 as incorporated by reference in § 1311.08.
(2)For digital certificates, a certification authority that is cross-certified with the Federal Bridge certification authority and that operates at a Federal Bridge Certification Authority basic assurance level or above.
(b)The practitioner must submit identity proofing information to the credential service provider or certification authority as specified by the credential service provider or certification authority.
(c)The credential service provider or certification authority must issue the authentication credential using two channels (e.g., e-mail, mail, or telephone call). If one of the factors used in the authentication protocol is a biometric, or if the practitioner has a hard token that is being enabled to sign controlled substances prescriptions, the credential service provider or certification authority must issue two pieces of information used to generate or activate the authentication credential using two channels.
Connections1 cite this
Cited by 1 section
Citation graph
cites case law
§ 1311.105
Requirements for obtaining an authentication credential—Individual practitioners.
Fed. Reg.×1
Cites 0Cited by 1 across 1 source