Anda CSOS Security Considerations :::::

To ensure the integrity of data processed by the ANDA CSOS application, the DEA requires that you adhere to the following security measures in addition to your company’s own security policies. Failure to institute minimum security measures may result in compromised data and non compliance with DEA rules pertaining to the electronic ordering of controlled substances pursuant to Department of Justice, Drug Enforcement Administration, 21 CFR Parts 1305 and 1311, Docket No. DEA-217F. For further details, please see the Federal Register

Only the person who signs the CSOS electronic certificate application is authorized to retrieve and safeguard this file.

  • One computer is to be designated as the sole work station for the signing of the CSOS order. ** This computer will have the embedded root certificate (PKI) for the electronic signature. This cannot be shared among other computer workstations.
  • When the username and password is retrieved for the Anda CSOS application, it should be stored in a safe location.
  • Institute a policy for periodically changing the password
  • If you are manually distributing your PKI certificate to your partners, do so via a secure means. Encourage your partners likewise. This information should be sent via email instead, not fax.

In addition, your internal security controls should be followed as well to ensure that this information is safeguarded.

For an explanation of CSOS, please click here

To see some of the advantages to implementing CSOS, please click here

To see what needs to be done to implement CSOS, please click here

©2005 All rights reserved.