|
e. "Cloud" means data storage on servers hosted by an entity other than the Contractor and on a
<br />network outside the control of the Contractor. Physical storage of data in the cloud typically spans
<br />multiple servers and often multiple locations. Cloud storage can be divided between consumer
<br />grade storage for personal files and enterprise grade for companies and governmental entities.
<br />Examples of consumer grade storage would include iTunes, Dropbox, Box.com, and many other
<br />entities. Enterprise cloud vendors include Microsoft Azure, Amazon Web Services, and Rackspace
<br />f. "Confidential lnformation" means to encode Confidential lnformation into a format that can only be
<br />read by those possessing a "key"; a password, digital certificate or other mechanism available only
<br />to authorized users. Encryption must use a key length of at least 256 bits for symmetric keys, or
<br />2048 bits for asymmetric keys. When a symmetric key is used, the Advanced Encryption Standard
<br />(AES) must be used if available.
<br />g. "Data" means DCYF's records, files, forms, information and other documents in electronic or hard
<br />copy medium. "Data" includes, but is not limited to, Confidential lnformation, Category 4 Data,
<br />Sensitive Personal lnformation, or Materials.
<br />h. "Encrypt" means to encode Confidential lnformation into a format that can only be read by those
<br />possessing a "key"; a password, digital certificate or other mechanism available only to authorized
<br />users. Encryption must use a key length of at least 256 bits for symmetric keys, or 2O4B bits for
<br />asymmetric keys. When a symmetric key is used, the Advanced Encryption Standard (AES) must
<br />be used if available.
<br />L "FedRAMP" means the Federal Risk and Authorization Management Program (see
<br />https://www.fedramp.gov/), which is an assessment and authorization process that federal
<br />government agencies have been directed to use to ensure security is in place when accessing
<br />Cloud computing products and services.
<br />"Hardened Password" means a string of at least eight characters containing at least three of the
<br />following four character classes: Uppercase alphabetic, lowercase atphabetic, numeral, and special
<br />characters such as an asterisk, ampersand, or exclamation point.
<br />"Mobile Device" means a computing device, typically smaller than a notebook, which runs a mobile
<br />operating system, such as iOS, Android, or Windows Phone. Mobile Devices include smart phones,
<br />most tablets, and other form factors.
<br />"Multi-factor Authenticaiion" means controlling access to computers and other lT resources byrequiring two or more pieces of evidence that the user is who they claim to be. These pieces ofevidence consist of something the user knows, such as a password or PIN; something the user hassuch as a key card, slart card, or physical token; and something the ,sur ir, a biometric identifiersuch as a fingerprint, facial scan, or retinal scan. "PlN" means a personal identification number, aseries of numbers which act as a password for a device. Since PlNs are typically only four to sixcharacters, PlNs are usually used in conjunction with another factor of authenticition, such as afingerprint.
<br />"Portable Device" means any computing device with a small form factor, designed to be transportedfrom place to place' Porlable devices are primarily battery powered devices,irith base computingresources in the form of a processor, memory, storage, and' network access. Examples include, butare not limited to, mobile phones, tablets, and laptop!. Mobile Device is a subset of portable
<br />Device.
<br />k.
<br />m
<br />Department of Children, youth & Families
<br />2017CF County Program Agreement 6-24_20
<br />Page g
|