Data Sharing Addendum - 12
6.20.23

EXHIBIT A: CITY DATA SECURITY REQUIREMENTS

1. Definitions

In addition to the definitions set out in the Addendum, the definitions below apply to this Exhibit.

A) “Hardened Password” means a string of characters containing at least one (1) capital letter, one (1) lowercase letter, one (1) number, one (1) non-alphanumeric or special character.
   1) Minimum password length is 9 characters.
   2) Users may not use their previous ten (10) passwords.
   3) Cannot be a dictionary word or a proper name.
   4) Cannot be the same as a User ID or contain the User ID string.

B) “Portable/Removable Media” means any data storage device that can be detached or removed from a computer and transported, including but not limited to: optical media (e.g. CDs, DVDs); USB drives; or flash media (e.g. CompactFlash, SD, MMC). Confidential Information is forbidden from being stored on, transported on, copied to or backed up on portable/removable media.

C) “Portable/Removable Devices” means any small computing device that can be transported, including but not limited to: handhelds/PDAs/Smartphones; Ultramobile PCs, flash memory devices (e.g. USB flash drives, personal media players); and laptops/notebook/tablet computers.

D) “Secured Area” means an area to which only Authorized Users have access. Secured Areas may include buildings, rooms, or locked storage containers (such as a filing cabinet) within a room, as long as access to the Data is not available to unauthorized personnel.

E) “Transmitting” means the transferring of data electronically, such as via email, SFTP, etc.

F) “Trusted System(s)” means the following methods of physical delivery:
   1) hand-delivery by a person authorized to have access to the Confidential Information with written acknowledgement of receipt;
   2) United States Postal Service (“USPS”) first class mail, or USPS delivery services that include Tracking, such as Certified Mail, Express Mail or Registered Mail;
   3) commercial delivery services (e.g. FedEx, UPS, DHL) which offer tracking and receipt confirmation; and
   4) City interoffice mail system, using a privacy envelope.

G) “Unique User ID” means a string of characters that identifies a specific user and which, in conjunction with a password, passphrase, or other mechanism, authenticates a user to an information system.

2. Data Transmission

A) When transmitting City’s Confidential Information electronically, including via email, the Data must be encrypted using NIST 800-series approved algorithms (http://csrc.nist.gov/publications/PubsSPs.html). This includes transmission over the public internet.

B) When transmitting City’s Confidential Information via paper documents, the Receiving Party must use a Trusted System.