My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
DDA Services
>
Meetings
>
2019
>
08. August
>
2019-08-20 10:00 AM - Commissioners' Agenda
>
DDA Services
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
10/23/2019 9:11:09 AM
Creation date
10/23/2019 9:10:45 AM
Metadata
Fields
Template:
Meeting
Date
8/20/2019
Meeting title
Commissioners' Agenda
Location
Commissioners' Auditorium
Address
205 West 5th Room 109 - Ellensburg
Meeting type
Regular
Meeting document type
Fully Executed Version
Supplemental fields
Alpha Order
g
Item
Request to Approve an Agreement between the Department of Social and Health Services and the Kittitas County Public Health Department
Order
7
Placement
Consent Agenda
Row ID
55882
Type
Contract
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
26
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Exhibit A -Data Security Requirements <br />1 . Definitions. The words and phrases listed below, as used in this Exhibit, shall each have the following <br />definitions: <br />a. "AES" means the Advanced Encryption Standard, a specification of Federal Information Processing <br />Standards Publications for the encryption of electronic data issued by the National Institute of <br />Standards and Technology (http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf). <br />b. "Authorized Users(s)" means an individual or individuals with a business need to access DSHS <br />Confidential Information, and who has or have been authorized to do so. <br />c. "Category 4 Data" is data that is confidential and requires special handling due to statutes or <br />regulations that require especially strict protection of the data and from which especially serious <br />consequences may arise in the event of any compromise of such data. For purposes of this <br />contract, data classified as Category 4 refers to data protected by: the Health Insurance Portability <br />and Accountability Act (HIPAA). <br />d. "Cloud" means data storage on servers hosted by an entity other than the Contractor and on a <br />network outside the control of the Contractor. Physical storage of data in the cloud typically spans <br />multiple servers and often multiple locations. Cloud storage can be divided between consumer <br />grade storage for personal files and enterprise grade for companies and governmental entities. <br />Examples of consumer grade storage would include iCloud, Dropbox, Box.com, and many other <br />entities. Enterprise cloud vendors include Microsoft Azure, Amazon Web Services, 0365, and <br />Rackspace. <br />e. "Encrypt" means to encode Confidential Information into a format that can only be read by those <br />possessing a "key"; a password, digital certificate or other mechanism available only to authorized <br />users. Encryption must use a key length of at least 128 bits (256 preferred and required to be <br />implemented by 6/30/2020) for symmetric keys, or 2048 bits for asymmetric keys. When a <br />symmetric key is used, the Advanced Encryption Standard (AES) must be used if available. <br />f. "Hardened Password" means a string of at least eight characters containing at least three of the <br />following four character classes: Uppercase alphabetic, lowercase alphabetic, numeral, and special <br />characters such as an asterisk, ampersand, or exclamation point. <br />g. "Mobile Device" means a computing device, typically smaller than a notebook, which runs a mobile <br />operating system, such as iOS, Android, or Windows Phone. Mobile Devices include smart phones, <br />most tablets, and other form factors. <br />h. "Multi-factor Authentication" means controlling access to computers and other IT resources by <br />requiring two or more pieces of evidence that the user is who they claim to be. These pieces of <br />evidence consist of something the user knows, such as a password or PIN; something the user has <br />such as a key card, smart card, or physical token; and something the user is, a biometric identifier <br />such as a fingerprint, facial scan, or retinal scan. "PIN" means a personal identification number, a <br />series of numbers which act as a password for a device. Since PINs are typically only four to six <br />characters, PINs are usually used in conjunction with another factor of authentication, such as a <br />fingerprint. <br />i. "Portable Device" means any computing device with a small form factor, designed to be transported <br />from place to place. Portable devices are primarily battery powered devices with base computing <br />resources in the form of a processor, memory, storage, and network access. Examples include, but <br />DSHS Central Contract Services <br />1769CS County Agreement 5-1-2019 <br />Page 16
The URL can be used to link to this page
Your browser does not support the video tag.