Agmt19 County of San Mateo
Entry Properties
Last modified: 7/15/2019 8:53:26 AM
Creation date: 7/15/2019 8:53:14 AM
Template: Agreement
Contractor Name: County of San Mateo
PROJECT NAME: Information and Referral services at FOCC
RMP File Number: 304
Date: 6/26/2019
MO Ref: 19-114
Media Sanitization, such that the Personally Identifiable Information cannot be retrieved.

w. Contractor shall ensure that all of its systems providing access to PII must provide an automatic timeout, requiring re-authentication of the user session after no more than twenty (20) minutes of inactivity.

x. Contractor shall ensure that all of its systems providing access to PII must display a warning banner stating, at a minimum that data is confidential; systems are logged, systems use is for business purposes only by authorized users and users shall log off the system immediately if they do not agree with these requirements.

y. Contractor will ensure that all of its systems providing access to PII must maintain an automated audit trail that can identify the user or system process which initiates a request for PII, or alters PII. The audit trail shall be date and time stamped; log both successful and failed accesses; be read-access only; and be restricted to authorized users. If PII is stored in a database, database logging functionality shall be enabled. The audit trail data shall be archived for at least three (3) years from the occurrence.

z. Contractor shall ensure that all of its systems providing access to PII shall use role-based access controls for all user authentications, enforcing the principle of least privilege.

aa. Contractor shall ensure that all data transmissions of PII outside of its secure internal networks must be encrypted using a Federal Information Processing Standard (FIPS) 140-2 certified algorithm that is 128 bit or higher, such as Advanced Encryption Standard (AES) or Transport Layer Security (TLS). It is encouraged, when available and when feasible, that 256 bit encryption be used. Encryption can be end to end at the network level, or the data files containing PII can be encrypted. This requirement pertains to any type of PII in motion such as website access, file transfer, and email.

bb. Contractor shall ensure that all of its systems involved in accessing, storing, transporting, and protecting PII, which are accessible through the Internet, must be protected by an intrusion detection and prevention solution.

cc. Contractor shall ensure that audit control mechanisms are in place. All Contractor systems processing and/or storing Personally Identifiable Information must have at least an annual system risk assessment/security review that ensures administrative, physical, and technical controls are functioning effectively and provide an adequate level of protection. Review shall include vulnerability scanning tools.

Template Version Date—August 26, 2016
Page 10