|
DocuSign Envelope ID: ]43301 1 1-63A7-4e37-94A9"11 26nA2/\CCfl4
<br />Special Terms and Conditions
<br />$,
<br />a. All federal and state laws and regulations, as currently enacted or revised, regarding the protection,
<br />security, and electronic interchange of Confidential Information, Data, Category 4 Data, Sensitive
<br />Personal Information, and Materials; and
<br />b. All federal and state laws and regulations, as currently enacted or revised, regarding the use,
<br />disclosure, modification or loss of Confidential Information, Data, Category 4 Data, Sensitive
<br />Personal Information, and Materials.
<br />Administrative Controls. The Contractor must have the following controls in place:
<br />a. A documented security policy governing the secure use of its computer network, mobile devices, portable devices, as well as, any form of paper/hard copy documents, and which defines sanctions that may be applied to Contractor staff for violating that policy.
<br />b. Security awareness training for all staff, presented annually, as follows:
<br />(1). Contractor staff responsibilities under the Contractor's security policy;
<br />(2). Contractor staff responsibilities as outlined under contract Exhibit A; and
<br />(3). Must successfully complete the DCYF Information Security Awareness Training, which can be
<br />Authorization, Authentication, and Access. In order to ensure that access to the Data is limited to authorized staff, the Contractor must:
<br />a. Have documented policies and procedures that:
<br />(1). Govern access to systems; and
<br />(2). Govern access to paper/hard copy documents and files.
<br />b. Restrict access through administrative, physical, and technical controls to authorized staff.
<br />c. Ensure that user accounts are unique and that any given user account logon ID and password
<br />combination is known only to the one staff member to whom that account is assigned. For
<br />purposes of non-repudiation, it must always be possible to determine which staff member
<br />performed a given action on a system housing the Data based solely on the logon ID used to
<br />perform the action;
<br />d. Ensure that only authorized users are capable of accessing the Data;
<br />e. Ensure that an employee's access to Data is removed within twenty-four (24) hours:
<br />(1). Upon suspected compromise of the user credentials;
<br />(2). When their employment, or the contract under which the Data is made available to them, is
<br />terminated;
<br />(3). When they no longer need access to the Data to fulfill the requirements of the Contract; and
<br />(4). When the staff member has been suspended from performing services under this Contract.
<br />f. Have a process to review and verify, quarterly, that only authorized users have access to systems
<br />Department of Children, Youth & Families
<br />DCYF County Program Agreement (6-l-2itl$)
|