|
f. "Encrypt" means to encode Confidential Information into a format that can only be read by those
<br />possessing a "key"; a password, digital certificate or other mechanism available only to authorized
<br />users. Encryption must use a key length of at least 256 bits for symmetric keys, or 2048 bits for
<br />asymmetric keys. When a symmetric key is used, the Advanced Encryption Standard (AES) must
<br />be used if available.
<br />g. "FedRAMP" means the Federal Risk and Authorization Management Program (see
<br />https://www.fedramp.gov/), which is an assessment and authorization process that federal
<br />government agencies have been directed to use to ensure security is in place when accessing
<br />Cloud computing products and services.
<br />h
<br />k.
<br />"Hardened Password" means a string of at least eight characters containing at least three of the
<br />following four character classes: Uppercase alphabetic, lowercase alphabetic, numeral, and special
<br />characters such as an asterisk, ampersand, or exclamation point.
<br />"Mobile Device" means a computing device, typically smaller than a notebook, which runs a mobile
<br />operating system, such as iOS, Android, or Windows Phone. Mobile Devices include smart phones,
<br />most tablets, and other form factors.
<br />"Multi-factor Authentication" means controlling access to computers and other IT resources by
<br />requiring two or more pieces of evidence that the user is who they claim to be. These pieces of
<br />evidence consist of something the user knows, such as a password or PIN; something the user has,
<br />such as a key card, smart card, or physical token; and something the user is, a biometric identifier
<br />such as a fingerprint, facial scan, or retinal scan. "PIN" means a personal identification number, a
<br />series of numbers which act as a password for a device. Since PINs are typically only four to six
<br />characters, PINs are usually used in conjunction with another factor of authentication, such as a
<br />fingerprint.
<br />"Personal Information" shall have the same meaning as described in RCW 42.56.590(10) and
<br />includes, but is not limited to, information protected under chapter 13.50 RCW, Health Care
<br />Information as that phrase is defined in RCW 70.02.010, personally identifiable information, and
<br />other information that relates to a person's name and the use or receipt of governmental services or
<br />other activities.
<br />"Portable Device" means any computing device with a small form factor, designed to be transported
<br />from place to place. Portable devices are primarily battery powered devices with base computing
<br />resources in the form of a processor, memory, storage, and network access. Examples include, but
<br />are not limited to, mobile phones, tablets, and laptops. Mobile Device is a subset of Portable
<br />Device.
<br />"Portable Media" means any machine-readable media that may routinely be stored or moved
<br />independently of computing devices. Examples include magnetic tapes, optical discs (CDs or
<br />DVDs), flash memory (thumb drive) devices, external hard drives, and internal hard drives that have
<br />been removed from a computing device.
<br />"Physically Secure" or "Physical Security" means that access is restricted through physical means
<br />to authorized individuals only.
<br />"Secure Area" means an area to which only authorized representatives of the entity possessing the Confidential Information have access, and access is controlled through use of a key, card key, combination lock, or comparable mechanism. Secure Areas may include buildings, rooms or locked storage containers (such as a filing cabinet or desk drawer) within a room, as long as access to the Confidential Information is not available to unauthorized personnel. In otherwise Secure Areas, such as an office with restricted access, the Data must be secured in such a way as to
<br />m.
<br />Department of Children, Youth & Families
<br />2017CF County Program Agreement 6-24-20
<br />n
<br />o
<br />Page 1 6
|