FDA/DEA Regulatory Compliance: CSOS

Complying with Controlled Substance Ordering System (CSOS) Requirements

Americas Map

Regulation

Active Now

FDA/DEA Regulatory Compliance: CSOS

DEA's CSOS program allows for secure electronic controlled substances orders without the supporting paper DEA Form 222. Using a public key infrastructure (PKI), CSOS requires that each individual purchaser enroll with DEA to acquire a CSOS digital certificate.

Thales eSecurity can help prepare organizations to comply with the CSOS program requirements with:

  • FIPS-certified protection of private keys;
  • Industry-leading experience in designing and implementing PKI solutions.
FDA/DEA Regulatory Compliance: CSOS
The DEA's CSOS Regulation

The DEA's Controlled Substance Ordering System (CSOS) allows for secure electronic transmission of Schedule I-V controlled substance orders without the supporting paper Form 222.

The DEA requires that auditors validate that the cryptographic modules are FIPS 140-2 certified. Auditors must also validate all aspects of the software that are addressed in the regulations.

Encryption and Key Management

Make your data unreadable to others through strong, centrally managed, file, volume and application encryption combined with simple, centralized key management that is transparent to processes, applications and users.

Access Policies and Privileged User Controls

Restrict access to encrypted data through access policies and user controls that permit data to be decrypted only for authorized users and applications, while allowing privileged users to perform IT operations without the ability to see protected information.

Security Intelligence

Logs that capture access attempts to protected data provide high value security intelligence information that can be used with a Security Information and Event Management (SIEM) solution and for compliance reporting.

Data Sheets : Vormetric Data Security Platform

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management...

Download

Other key data protection and security regulations

NIST 800-53 / FedRAMP

Americas Map Thumbnail

Mandate

Active now

Since June 5, 2014 federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud-computing.

Learn More

HIPAA

Americas Map Thumbnail

Regulation

Active now

These regulations cover healthcare information in the US, HIPAA relates to protection; encryption, key management. etc and HITECH relates to disclosure of data breaches.

Learn More

SOX

Americas Map Thumbnail

Regulation

Active now

United States Federal Law setting standards for a range of US companies, SOX Act sections 302 and 404 relate directly to data protection.

Learn More
Contact a Compliance Specialist Contact Us
Are you fit for GDPR Take our readiness assessment now
Read the Compliance and Regulations Solutions Handbook Read the eBook

Related Solutions

EPCS

EPCS revises DEA’s regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically as well as receiving, dispensing and archiving electronic prescriptions. The electronic prescription application must incorporate a secure process for practitioner authentication.

Learn More

HIPAA/HITECH

The HIPAA Security Rule requires healthcare organizations to use appropriate safeguards to ensure that electronic protected health information (ePHI) remains secure while the HITECH Act requires the timely disclosure of data breaches.

Learn More

Data Residency

There are more than 100 national data privacy laws on the books. Global enterprise, SaaS vendors and cloud-solution providers need to be aware how to meet data residency requirements in their environment.

Learn More
As a global payment solutions and commerce enablement leader, Verifone’s strategy is to develop and deploy “best in class” payment solutions and services that meet or exceed global security standards and help our clients securely accept electronic payments across all channels of commerce. We selected Thales HSMs to provide robust security, unmatched performance and superior scalability across our payment security platforms, protecting encryption keys from virtually any attack. This helps Verifone to continue reducing merchants’ growing exposure to data breaches and cyber criminals and more aggressively safeguard consumer information… Joe Majka,Chief Security Officer
The Vormetric solution not only solved all of our encryption needs but alleviated any fears of the complexity and overhead of managing the environment once it was in place. Joseph Johnson,chief information security officer CHS
My concern with encryption was the overhead on user and application performance. With Thales eSecurity, people have no idea it’s even running. Karl MudraCIO
Delta Dental of Missouri
Vormetric’s approach of coupling access control with encryption is a very powerful combination. We use it to demonstrate to clients our commitment to preserving the security and integrity of their test cases, data and designs. David VargasInformation Security Architect
Cadence Design Systems
Implementing Vormetric has given our own clients an added level of confidence in the relationship they have with us; they know we’re serious about taking care of their data. Audley Deansenior director of Information Security,
BMC Software
There is absolutely no noticeable impact on the performance or usability of applications. I am very excited at how easy the solution is to deploy and it has always performed flawlessly. Christian MuusDirector of Security for Teleperformance EMEA
Thales eSecurity is our standard. Whenever an encryption solution is needed, the answer is always, ‘let’s start with Thales eSecurity. Damian McDonaldVice President of Global Information Security, Becton, Dickinson and Company
Vormetric Encryption delivers what we need it to do – without any fuss or drama – knowing it’s in place is one less thing to worry about. Albert AvilaBusiness Solutions Specialist, Fujitsu America, Inc.
Watch our interactive demo Explore
Schedule a live demo Schedule
Get in contact with a specialist Contact us