Contractor shall ensure that all electronic files that contain PI data are encrypted when stored on any mobile device or removable media (i.e. USB drives, CD/DVD, smartphones, tablets, backup tapes etc.). Encryption must be a FIPS 140-2 certified algorithm 128 bit or higher, such as AES. It is encouraged, when available and when feasible, that the encryption be 256 bit.

s. Contractor shall ensure that all workstations, laptops and other systems, which process and/or store PII, must install and actively use an antivirus software solution. Antivirus software should have automatic updates for definitions scheduled at least daily. In addition, Contractor shall ensure that:

   i. All workstations, laptops and other systems, which process and/or store PII, must have critical security patches applied, with system reboot if necessary.

   ii. There must be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.

   iii. At a maximum, all applicable patches deemed as critical must be installed within thirty (30) days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.

   iv. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must have compensatory controls implemented to minimize risk.

t. Contractor shall ensure that all of its staff accessing Personally Identifiable Information on applications and systems will be issued a unique individual password that is at least eight (8) characters, a non-dictionary word, composed of characters from at least three (3) of the following four (4) groups from the standard keyboard: upper case letters (A-Z); lower case letters (a-z); Arabic numerals (0-9) and special characters (!, @, #, etc.). Passwords are not to be shared and must be changed if revealed or compromised. All passwords must be changed every (90) days or less and must not be stored in readable format on the computer or server.

u. Contractor shall ensure that usernames for its staff authorized to access PI will be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee within twenty-four (24) hours. Note: Twenty-four (24) hours is defined as one (1) working day.

v. Contractor shall ensure when no longer needed, all PH must be cleared, purged, or destroyed consistent with NIST SP 800-88, Guidelines for

Template Version Date—August 26, 2016
Page 9