|
Special Terms and Conditions
<br />i. "Mobile Device" means a computing device, typically smaller than a notebook, which runs a mobile
<br />operating system, such as iOS, Android, or Windows Phone. Mobile Devices include smart phones,
<br />most tablets, and other form factors.
<br />j. "Multi-factor Authentication" means controlling access to computers and other IT resources by
<br />requiring two or more pieces of evidence that the user is who they claim to be. These pieces of
<br />evidence consist of something the user knows, such as a password or PIN; something the user has
<br />such as a key card, smart card, or physical token; and something the user is, a biometric identifier
<br />such as a fingerprint, facial scan, or retinal scan. "PIN" means a personal identification number, a
<br />series of numbers which act as a password for a device. Since PINs are typically only four to six
<br />characters, PINs are usually used in conjunction with another factor of authentication, such as a
<br />fingerprint.
<br />k. "Portable Device" means any computing device with a small form factor, designed to be transported
<br />from place to place. Portable devices are primarily battery powered devices with base computing
<br />resources in the form of a processor, memory, storage, and network access. Examples include, but
<br />are not limited to, mobile phones, tablets, and laptops. Mobile Device is a subset of Portable
<br />Device.
<br />l. "Portable Media" means any machine readable media that may routinely be stored or moved
<br />independently of computing devices. Examples include magnetic tapes, optical discs (CDs or
<br />DVDs), flash memory (thumb drive) devices, external hard drives, and internal hard drives that have
<br />been removed from a computing device.
<br />m. "Secure Area" means an area to which only authorized representatives of the entity possessing the
<br />Confidential Information have access, and access is controlled through use of a key, card key,
<br />combination lock, or comparable mechanism. Secure Areas may include buildings, rooms or
<br />locked storage containers (such as a filing cabinet or desk drawer) within a room, as long as access
<br />to the Confidential Information is not available to unauthorized personnel. In otherwise Secure
<br />Areas, such as an office with restricted access, the Data must be secured in such a way as to
<br />prevent access by non-authorized staff such as janitorial or facility security staff, when authorized
<br />Contractor staff are not present to ensure that non-authorized staff cannot access it.
<br />n. "Trusted Network" means a network operated and maintained by the Contractor, which includes
<br />security controls sufficient to protect DSHS Data on that network. Controls would include a firewall
<br />between any other networks, access control lists on networking devices such as routers and
<br />switches, and other such mechanisms which protect the confidentiality, integrity, and availability of
<br />the Data.
<br />o. "Unique User ID" means a string of characters that identifies a specific user and which, in
<br />conjunction with a password, passphrase or other mechanism, authenticates a user to an
<br />information system.
<br />2. Authority. The security requirements described in this document reflect the applicable requirements of
<br />Standard 141.10 //ocio.wa.tctes of the Office of the Chief Information Officer for the state
<br />of Washington, and of the DSHS Information Security Policy and Standards Manual. Reference
<br />material related to these requirements can be found here: https://www.dshs.wa.qov/ffalkeepinq-dshs-
<br />client-information-private-and-secure, which is a site developed by the DSHS Information Security
<br />Office and hosted by DSHS Central Contracts and Legal Services.
<br />3. Administrative Controls. The Contractor must have the following controls in place:
<br />a. A documented security policy governing the secure use of its computer network and systems, and
<br />DSHS Central Contract Services
<br />6017CF County Program Agreement (10-31-2017) Page 10
|