Contract Template <,000
May 2021
Page 32
REV: 06-16-22 SK

m. Contractor shall ensure that any PII stored in a vehicle shall be in a non-visible area such as a trunk, that the vehicle is locked, and under no circumstances permit PII to be left unattended in a vehicle overnight or for other extended periods of time.

n. Contractor shall ensure that PII shall not be left unattended at any time in airplanes, buses, trains, etc., including baggage areas. This should be included in training due to the nature of the risk.

o. Contractor shall ensure that all workstations and laptops, which use, store and/or process PII, must be encrypted using a FIPS 140-2 certified algorithm 128 bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk. It is encouraged, when available and when feasible, that the encryption be 256 bit.

p. Contractor shall ensure that servers containing unencrypted PII must have sufficient administrative, physical, and technical controls in place to protect that data, based upon a risk assessment/system security review. It is recommended to follow the guidelines documented in the latest revision of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.

q. Contractor agrees that only the minimum necessary amount of PII required to perform required business functions will be accessed, copied, downloaded, or exported.

r. Contractor shall ensure that all electronic files which contain PII data are encrypted when stored on any mobile device or removable media (i.e. USB drives, CD/DVD, smartphones, tablets, backup tapes etc.). Encryption must be a FIPS 140-2 certified algorithm 128 bit or higher, such as AES. It is encouraged, when available and when feasible, that the encryption be 256 bit.

s. Contractor shall ensure that all workstations, laptops and other systems, which process and/or store PII, must install and actively use an antivirus software solution. Antivirus software should have automatic updates for definitions scheduled at least daily. In addition, Contractor shall ensure that:

   i. All workstations, laptops and other systems, which process and/or store PII, must have critical security patches applied, with system reboot if necessary.

   ii. There must be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.

   iii. At a maximum, all applicable patches deemed as critical must be installed within thirty (30) days of vendor release. It is recommended that critical

ATTY/AGR.2022.153/County of San Mateo (HSA Contract June 2022) (Page 32 of 37)
DocuSign Envelope ID: F5FF63A3-8103-4442-8F5F-F37301405123