|
f. "Encrypt" means to encode Confidential Information into a format that can only be read by those
<br />possessing a "key"; a password, digital certificate or other mechanism available only to authorized
<br />users. Encryption must use a key length of at least 256 bits for symmetric keys, or 2048 bits for
<br />asymmetric keys. When a symmetric key is used, the Advanced Encryption Standard (AES) must
<br />be used if available.
<br />g. "FedRAMP" means the Federal Risk and Authorization Management Program (see
<br />httos://wvw✓.fedramp.gov/), which is an assessment and authorization process that federal
<br />government agencies have been directed to use to ensure security is in place when accessing
<br />Cloud computing products and services.
<br />h. "Hardened Password" means a string of at least eight characters containing at least three of the
<br />following four character classes: Uppercase alphabetic, lowercase alphabetic, numeral, and special
<br />characters such as an asterisk, ampersand, or exclamation point.
<br />i. "Mobile Device" means a computing device, typically smaller than a notebook, which runs a mobile
<br />operating system, such as iOS, Android, or Windows Phone. Mobile Devices include smart phones,
<br />most tablets, and other form factors.
<br />"Multi -factor Authentication" means controlling access to computers and other IT resources by
<br />requiring two or more pieces of evidence that the user is who they claim to be. These pieces of
<br />evidence consist of something the user knows, such as a password or PIN; something the user has
<br />such as a key card, smart card, or physical token; and something the user is, a biometric identifier
<br />such as a fingerprint, facial scan, or retinal scan. "PIN" means a personal identification number, a
<br />series of numbers which act as a password for a device. Since PINS are typically only four to six
<br />characters, PINS are usually used in conjunction with another factor of authentication, such as a
<br />fingerprint.
<br />k. "Personal Information" shall have the same meaning as described in RCW 42.56.590(10) and
<br />includes, but is not limited to, information protected under chapter 13.50 RCW, Health Care
<br />Information as that phrase is defined in RCW 70.02.010, personally identifiable information, and
<br />other information that relates to a person's name and the use or receipt of governmental services or
<br />other activities.
<br />I. "Portable Device" means any computing device with a small form factor, designed to be transported
<br />from place to place. Portable devices are primarily battery powered devices with base computing
<br />resources in the form of a processor, memory, storage, and network access. Examples include, but
<br />are not limited to, mobile phones, tablets, and laptops. Mobile Device is a subset of Portable
<br />Device.
<br />m. "Portable Media" means any machine-readable media that may routinely be stored or moved
<br />independently of computing devices. Examples include magnetic tapes, optical discs (CDs or
<br />DVDs), flash memory (thumb drive) devices, external hard drives, and internal hard drives that have
<br />been removed from a computing device.
<br />n. "Physically Secure" or "Physical Security' means that access is restricted through physical means
<br />to authorized individuals only.
<br />o. "Secure Area" means an area to which only authorized representatives of the entity possessing the
<br />Confidential Information have access, and access is controlled through use of a key, card key,
<br />combination lock, or comparable mechanism. Secure Areas may include buildings, rooms or
<br />locked storage containers (such as a filing cabinet or desk drawer) within a room, as long as access
<br />to the Confidential Information is not available to unauthorized personnel. In otherwise Secure
<br />Areas, such as an office with restricted access, the Data must be secured in such away as to
<br />Depa rim ant of Children, Youth & Families
<br />2017CF County Program Agreement 6-24-20 Page 16
<br />
|