Current as of October 03, 2022 | Updated by FindLaw Staff
Welcome to FindLaw's Cases & Codes, a free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.
If you use electronic signatures based upon use of identification codes in combination with passwords, you must employ controls to ensure their security and integrity. These controls must include:
(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password;
(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging);
(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, or other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls;
(d) Using transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit and, as appropriate, to organizational management; and
(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in any unauthorized manner.
Cite this article: FindLaw.com - Code of Federal Regulations Title 27. Alcohol, Tobacco Products and Firearms § 27.73.12 What security controls must I use for identification codes and passwords? - last updated October 03, 2022 | https://codes.findlaw.com/cfr/title-27-alcohol-tobacco-products-and-firearms/cfr-sect-27-73-12/
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.
Was this helpful?