My WebLink
|
Help
|
About
|
Sign Out
Browse
Search
AgdaPkt 2020-10-12 Joint SA PFA
RedwoodCity
>
City Clerk
>
Agenda Packets
>
2020-2029
>
2020
>
AgdaPkt 2020-10-12 Joint SA PFA
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
10/14/2020 12:39:00 PM
Creation date
10/12/2020 11:30:12 AM
Metadata
Fields
Template:
CC Index
CC Index - Document Type
Agenda Packet
Meeting Type
Joint
Agency Type
City Council and Successor Agency and Public Financing Authority
Date
10/12/2020
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
506
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
Show annotations
View images
View plain text
6.Q. - Page 16 of 45 <br />Media Sanitization, such that the Personally Identifiable Information <br />cannot be retrieved. <br />w. Contractor shall ensure that all of its systems providing access to PH must <br />provide an automatic timeout, requiring re -authentication of the user <br />session after no more than twenty (20) minutes of inactivity. <br />x. Contractor shall ensure that all of its systems providing access to PH must <br />display a warning banner stating, at a minimum that data is confidential; <br />systems are logged, systems use is for business purposes only by <br />authorized users and users shall log off the system immediately if they do <br />not agree with these requirements. <br />y. Contractor will ensure that all of its systems providing access to PH must <br />maintain an automated audit trail that can identify the user or system <br />process which initiates a request for PII, or alters PII. The audit trail shall <br />be date and time stamped; log both successful and failed accesses be <br />read -access only; and be restricted to authorized users. If PH is stored in <br />a database, database logging functionality shall be enabled. The audit <br />trail data shall be archived for at least three (3) years from the occurrence. <br />z. Contractor shall ensure that all of its systems providing access to PH shall <br />use role -based access controls for all user authentications, enforcing the <br />principle of least privilege. <br />aa. Contractor shall ensure that all data transmissions of PH outside of its <br />secure internal networks must be encrypted using a Federal Information <br />Processing Standard (FIPS) 140-2 certified algorithm that is 128 bit or <br />higher, such as Advanced Encryption Standard (AES) or Transport Layer <br />Security (TLS). It is encouraged, when available and when feasible, that <br />256 bit encryption be used. Encryption can be end to end at the network <br />level, or the data files containing PH can be encrypted. This requirement <br />pertains to any type of PH in motion such as website access, file transfer, <br />and email. <br />bb. Contractor shall ensure that all of its systems involved in accessing, <br />storing, transporting, and protecting PII, which are accessible through the <br />Internet, must be protected by an intrusion detection and prevention <br />solution. <br />cc. Contractor shall ensure that audit control mechanisms are in place. All <br />Contractor systems processing and/or storing Personally Identifiable <br />Information must have a least an annual system risk assess ment/security <br />review that ensure administrative, physical, and technical controls are <br />functioning effectively and provide an adequate level of protection. <br />Review shall include vulnerability scanning tools. <br />Template Version Date — August 26, 2016 <br />Page 10 <br />191 <br />
The URL can be used to link to this page
Your browser does not support the video tag.