2018/08/08 Council Agenda Packet
Entry Properties
Last modified
8/14/2018 10:37:12 AM
Creation date
8/14/2018 10:36:06 AM
Metadata
Fields
Template:
Council Agenda Packet
Date
8/8/2018
Attachment A
Data Security Requirements

1. DATA CLASSIFICATION

The classification of the Data shared under this Agreement includes:

❑ Category 1 — Public Information
❑ Category 2 — Sensitive Information
☒ Category 3 — Confidential Information (includes Personal Information)
☒ Category 4 — Confidential Information Requiring Special Handling (if Social Security Numbers, or medical information are provided)

For all Confidential Data that is electronically stored, processed, or transmitted, Licensee shall apply the following requirements:

2. DATA SECURITY

Licensee must protect the confidentiality, integrity and availability of Data with administrative, technical and physical measures that meet generally recognized industry standards and best practices or standards established by the Washington State Office of the Chief Information Officer (OCIO).

Examples of industry standards and best practices include any of the following:

a) ISO 27002
b) PCI DSS
c) NIST 800 series
d) OCIO 141.10 (https://ocio.wa.gov/policies/141-securing-information-technology-assets/14110-securing-information-technology-assets)

NOTE: DOL has the right to implement security measures that may exceed OCIO or industry standards and best practices; if any security measures of this Agreement exceed OCIO or industry standards and best practices, then the higher DOL measures will apply. However, if any security measures of this Agreement fall below OCIO standards, then OCIO standards will apply.

3. NETWORK SECURITY

Licensee's network security must include the following:

a) Network firewall provisioning
b) Intrusion detection
c) Quarterly vulnerability assessments
d) Annual penetration tests.

4. ACCESS SECURITY

Licensee shall restrict Authorized User access to the Data by requiring a login using a unique user ID and complex password or other authentication mechanism which provides equal or greater security. Passwords must be changed on a periodic basis at least quarterly. The sharing of user ID and passwords is strictly prohibited. Licensee is solely responsible for protection of all of its user IDs and passwords, and is responsible for all breaches caused through the use of its user IDs and passwords.

5. APPLICATION SECURITY

Licensee shall maintain and support its software and subsequent upgrades, updates, patches, and bug fixes such that the software is, and remains secure from known vulnerabilities. Licensee must secure web applications that minimally meet all the security controls as generally described in either: