FDA/DEA Regulatory Compliance: CSOS

Complying with Controlled Substance Ordering System (CSOS) Requirements

Americas Map

Regulation

Active Now

FDA/DEA Regulatory Compliance: CSOS

DEA's CSOS program allows for secure electronic controlled substances orders without the supporting paper DEA Form 222. Using a public key infrastructure (PKI), CSOS requires that each individual purchaser enroll with DEA to acquire a CSOS digital certificate.

nCipher Security can help prepare organizations to comply with the CSOS program requirements with:

  • FIPS-certified protection of private keys;
  • Industry-leading experience in designing and implementing PKI solutions.
FDA/DEA Regulatory Compliance: CSOS
The DEA's CSOS Regulation

The DEA's Controlled Substance Ordering System (CSOS) allows for secure electronic transmission of Schedule I-V controlled substance orders without the supporting paper Form 222.

The DEA requires that auditors validate that the cryptographic modules are FIPS 140-2 certified. Auditors must also validate all aspects of the software that are addressed in the regulations.

Authorized User Controls

Establish a secure and scalable PKI that helps ensure that only authorized users and devices have access to enterprise networks. Using nCipher HSMs to help secure the process of issuing CSOS certificates and proactively manage signing keys creates a high-assurance foundation for digital security.

Strong Key Management

Ensure that encrypted data remains unreadable by protecting encryption keys with FIPS-certified nCipher HSMs.

Brochure : nCipher HSM brochure

nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, nShield HSMs support a variety of deployment scenarios.

Download

Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail

Mandate

Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More

HIPAA

Americas Map Thumbnail

Regulation

Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More
Contact a Compliance Specialist Contact Us

Related Solutions

EPCS

EPCS revises DEA’s regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically as well as receiving, dispensing and archiving electronic prescriptions. The electronic prescription application must incorporate a secure process for practitioner authentication.

Learn More

HIPAA/HITECH

The HIPAA Security Rule requires healthcare organizations to use appropriate safeguards to ensure that electronic protected health information (ePHI) remains secure while the HITECH Act requires the timely disclosure of data breaches.

Learn More
As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected nCipher HSMs to provide robust security, unmatched performance and superior scalability across our payment security platforms, protecting encryption keys from virtually any attack. This helps Verifone to continue reducing merchants’ growing exposure to data breaches and cyber criminals and more aggressively safeguard consumer information… Joe Majka,Chief Security Officer
Want to be part of our team? Explore
Get in contact with a specialist Contact Us