My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Res-2021-176 Interlocal
>
Meetings
>
2021
>
11. November
>
2021-11-16 10:00 AM - Commissioners' Agenda
>
Res-2021-176 Interlocal
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
11/22/2021 11:17:03 AM
Creation date
11/22/2021 11:16:50 AM
Metadata
Fields
Template:
Meeting
Date
11/16/2021
Meeting title
Commissioners' Agenda
Location
Commissioners' Auditorium
Address
205 West 5th Room 109 - Ellensburg
Meeting type
Regular
Meeting document type
Fully Executed Version
Supplemental fields
Alpha Order
h
Item
Request to Approve a Resolution Authorizing an Interlocal Agreement between the Kittitas County Public Health Department and the Washington State Department of Health
Order
8
Placement
Consent Agenda
Row ID
83265
Type
Resolution
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
18
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
a <br />a <br />DOH Contract GV L26649 -0 <br />Revision October 2021 <br />A. The subrecipient's prior experience with the same or similar subawards; <br />B. The results of previous audits including whether or not the subrecipient receives a Single Audit in <br />accordance with Subpart F-Audit Requirements of this part, and the extent to which the same or <br />similar subaward has been audited as a major program; <br />C. Whether the subrecipient has new personnel or new or substantially changed systems; andD. The extent and results of Federal awarding agency monitoring (e.g., if the subrecipient also receives <br />Federal awards directly from a Federal awarding agency). <br />SECURITY OF INFORMATION - Unless otherwise specifically authorized by the DOH Chief <br />Information Security Officer, Contractor receiving confidential information under this contract assures that: <br />encryption is selected and applied using industry standard algorithms validated by the National <br />Institute of Standards and Technology (NIST) Cryptographic Algorithm Validation hogram against <br />all information stored locally and off-site. Information must be encrypted both in-transit and a-t rest <br />and applied in such away that it renders data unusable to anyone but authorized personnel, and the <br />confidential process, encryption key or other means to decipher the information is protected from <br />unauthorized access. <br />It is compliant with the applicable provisions of the Washington State Office of the Chief Information <br />officer (oclo) policy 141, Securing Information Technologr Assets, available at: <br />https ://ocio.wa. gov/po licy/securing-information-technology-assets. <br />It will provide DOH copies of its IT security policies, practices and procedures upon the request of the <br />DOH Chief Information Security Offrcer. <br />DOH may at arry time conduct an audit of the Contractor's security practices and/or infrastructure to <br />assure compliance with the security requirements of this contract. <br />It has implemented physical, electronic and administrative safeguards that are consistent with OCIO <br />security standard 141.10 and ISB IT guidelines to prevent unauthorized access, use, modification or <br />disclosure of DOH Confidential Information in any form. This includes, but is not limited to, restricting <br />access to specifically authorized individuals and services through the use of: <br />o Documented access authorization and change control procedures;o Card key systems that reshict, monitor and log access;o Locked racks for the storage of servers that contain Confidential Information or use AES encryption <br />(key lengths of 256 bits or greater) to protect confidential data at rest, standard algorithms validated <br />by the National Institute of Standards and Technolory (NIST) Cryptographic Algorithm Validation <br />Program (CMVP); <br />o Documented patch management practices that asswe all network systems are running critical <br />security updates within 6 days of release when the exploit is in the wild, and within 30 days of <br />release for all others; <br />o Documented anti-virus strategies that assure all systems are running the most current anti-virus <br />signatures within I day of release; <br />o Complex passwords that are systematically enforced and password expiration not to exceed 120 <br />days, dependent user authentication types as defined in OCIO security standards;o Strong multi-factor authentication mechanisms that assure the identity of individuals who access <br />Confi dential Information; <br />o Account lock-out after 5 failed authentication attempts for a minimum of 15 minutes, or for <br />Confidential Information, until administrator reset;o AES encryption (using key lengths 128 bits or greater) session for all data transmissions, standard <br />algorithms validated by NIST CMVP; <br />o Firewall rules and network address translation that isolate database servers from web servers and <br />public networks; <br />o Regular review of firewall rules and configurations to assure compliance with authorization and <br />change control procedures; <br />a <br />a <br />a <br />Page 5 of27
The URL can be used to link to this page
Your browser does not support the video tag.