My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Washington State Department of Licensing 1/30/2026
>
Contracts
>
Agreement
>
Other Services Agreements
>
Washington State Department of Licensing 1/30/2026
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
1/30/2026 1:02:56 PM
Creation date
1/30/2026 1:01:46 PM
Metadata
Fields
Template:
Contracts
Contractor's Name
Washington State Department of Licensing
Approval Date
1/30/2026
End Date
1/1/2028
Department
Transit
Department Project Manager
Mike Schmieder
Subject / Project Title
Department of Licensing Commercial Driver License Program Third Party Tester K9319
Tracking Number
0005097
Total Compensation
$0.00
Contract Type
Agreement
Contract Subtype
Other Services Agreements
Retention Period
6 Years Then Destroy
Imported from EPIC
No
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
36
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Download electronic document
View images
View plain text
ATTACHMENT H: DOL PRIVACY AND DATA SECURITY REQUIREMENTS <br />Department of Licensing Page 34 of 36 Contract No: K9319 <br /> <br />The Contractor must meet the following minimum standard requirements for systems processing <br />Personal Information. Contractor’s controls for each topic must align with the selected industry <br />standard or as otherwise required by DOL below: <br />a. NETWORK SECURITY – Contractor must: <br />1) Use a network firewall that protects in-scope systems from untrusted networks, <br />2) An intrusion detection system or techniques that detect and or prevent intrusions on the <br />in-scope network, and <br />3) Perform quarterly vulnerability penetration tests. <br /> <br />b. ACCESS SECURITY – Contractor must have active user authentication, that at minimum: <br />1) Uses a unique user ID and complex password, <br />2) Password/passphrase expiration requirements must not exceed 120 days and must be <br />documented in the Contractor’s security program; OR password length must be a <br />minimum of 15 characters with a maximum 365-day expiration, and <br />3) Prohibits the use of generic and shared accounts. <br />c. APPLICATION SECURITY <br />1) Contractor shall maintain in-scope systems, receive software and subsequent upgrades, <br />updates, patches, and bug fixes that must, at minimum, be maintained and supported <br />such that the software is at all times secure from known vulnerabilities ranked “High” or <br />above. <br />2) All web applications must minimally meet all the security controls as generally described <br />in either: <br />i. The Open Web Application Security Project Top Ten (OWASP Top 10), or <br />ii. The CWE/SANS TOP 25 Most Dangerous Software Errors <br /> <br />d. COMPUTER SECURITY – Contractor must: <br />1) Maintain in-scope operating systems, and software updates and patches, no less than <br />monthly so they each remain secure from known vulnerabilities ranked “High” or above, <br />and <br />2) Have an active anti-malware solution with signatures updated no less than weekly. <br /> <br />e. DATA STORAGE <br />1) Contractor must maintain a list of all in-scope computing systems storing, processing, or <br />transmitting Personal Information. <br />2) Personal Information may not at any time be processed on or transferred to any <br />detachable portable storage medium. <br /> <br />NOTE: Laptop/tablet computing devices are not considered portable storage medium <br />when installed with end-point encryption. <br /> <br />f. ELECTRONIC DATA TRANSMISSION <br /> <br />Contractor must secure all internal and external electronic data transmissions of Personal <br />Information with strong encryption as defined at <br />https://www.pcmag.com/encyclopedia/term/strong-encryption. <br />Docusign Envelope ID: 4798BD77-1E90-44A1-9098-432C0EDF7393
The URL can be used to link to this page
Your browser does not support the video tag.