DSHS Agreement 1863-31751 - Laserfiche WebLink

Home Browse Search

Special Terms and Conditions i. "Mobile Device" means a computing device, typ ically smaller than a notebook , which r uns a m0bile operating syste m, such as 1OS, And roid , or Win dows Phone . Mobile Devices include smart'phones , most tablets , and other form factors. j. "Multi-factor Authentication" means controlling access to computers and other IT resources by requiring two or more pieces of evidence that the user is who they claim to be . These pieces of evidence consist of something the user knows , such as a password or PIN; something the user has such as a key card, smart card, or physical token; and something the user is, a biometric identifier such as a fingerprint, facial scan, or retina l scan. "PIN" means a personal identificati on number, a series of numbers which act as a password for a device. Since PINs are typically only four to six characters, PINs are usually used in conjunction with another factor of authentication, such as a fingerprint. k. "Portable Device" means any computing device with a small form factor, desi gned to be transported fr0m place t0 place. Portable devices are primarily b~ttery powered devices with base computing resources in the form of a processor, memory, storage, and network access. Ex amples include, but are not limited to , mobi le phones, tablets, arid laptops. Mobile Device is a subset of Portable Device. I. "Portable Media" means any machine readable media that may routinely be stored or moved independently of computing devices. Examples include magnetic tapes, optical discs (CDs or DVDs), flash memory (thumb drive) devices, external hard drives, and internal hard drives that have been removed from a computing device. m. "Secure Area " means an area to which only authorized representatives of the entity possessin g the Confidential l hformatlon have access, and access is controlled throu·gh use of a key, card key, combination lock, or comparable mechanism. Secure Areas may Include buildings, rooms or locked storage containers (such as a filing cabi net or desk drawer) within a room, as long as acces s to the Confid ential Informati on is not available to unauthorized personnel. In otherwise Secure Areas, such as an offite wit h restri cted access , the Data must be secured in such a way as to pre vent access by non -authorized staff such as ja nitorial or fa cility security staff, when autho rized Contracto r staff are not present to ensure that non-authorized staff cannot access it. n. "Trusted Network" means a network operated and maintained by the Contractor, which includes security controls sufficient to protect DSHS Data on that network. Controls would include a firewall between any other networks, access control lists on networking devices such as routers and switches, and other such mechanisms wh ich protect the confidentiality, integrity, and availabil ity of the Data . o. "Unique User ID" means a string of cha racters that identifies a specific user and which, in co njunction with a password, passphrase or other mechanism , authenticates a user to an information system. 2 . Authority. The security requirements described in this document reflect the applicable requ irements of Standard 141 .10 (https://ocio:wa .gov/policies ) of the Office of the Chief Information Officer for the state of Washington , and of the DSHS Information Security Policy and Standards Manual. Reference material related to these r equirements can be found here: https://www.dsbs.wa .gov/fsa/central- contract-services/keeplng -dshs-client-information-private-and-se.cure, wh ich is a site developed by the DSHS Information Security Office and hosted by DSHS Central Contracts and Leg-al Services . 3. Administrative Controls. The Contractor must have the following controls in place : a. A documented securi ty policy governing the secure use of its computer network and systems, and DSHS Central Contract Services 5048CF County Program Agreement (11-22-2011 ) Pa ge 7