(a) A holder of a CSOS certificate must generate a new key pair and acquire a new CSOS digital certificate when the declarant`s DEA record expires or when the information on which the certificate is based changes. This information includes the registered name and address, the name of the subscriber and the timelines that the registrant has the right to process. A CSOS certificate expires on the expiration date of the DEA record on which the certificate is based. Exclusion of Liability: The Guides are not binding like this document and have no force and effect of the law, unless this is expressly approved by law or expressly included in a contract, grant or cooperation agreement. In accordance with the Executive Order of 13891 and the memoranda of the Office of Management and Budget, the Ministry will not cite, use or use guidance documents that are not accessible to other departments and agencies of the Executive, except to establish historical facts. To the extent that a guidance document establishes voluntary standards (e.g. B recommended practices), compliance with these standards is voluntary and non-compliance does not entail implementing measures. The guides may be repealed or modified at their discretion and in accordance with applicable law. A “Q&A” page on the CSOS certificate is available on the DEA e-commerce program website under www.DEAecom.gov. Applicants can download the CSOS Enrollment PKI diversion document and the CSOS Subscriber`s Manual for assistance in the registration process. DEA also has a helpline to assist applicants and subscribers with issues related to the registration, issuance, revocation and renewal of certificates. Staff are available Monday to Friday from 8:00 a.m. to 5:00 p.m.m .m until 5:50 p.m.
Eastern Time at 1-877-332-3266 if additional support is required. EO-DEA198, October 5, 2020 (c) CSOS certificate holders must keep a copy of the subscriber agreement provided by the certification body for the lifetime of the certificate. 4. Confirmation that the applicant has read and understood the Subscriber Agreement and accepts the Statement of Subscriber Obligations provided by DEA. (3) The private key must be stored on a FIPS 140-2 Level 1 validated cryptographic module using an authorized fips encryption algorithm, as inserted in section 1311.08 by reference. (1) The cryptographic module must be validated by FIPS 140-2, level 1, as by reference in §. . . .