Resolution 2025-084 - Laserfiche WebLink

Home Browse Search

k. Special Terms and Conditions ',Mobile Device" means a computing device, typically smaller than a notebook, which runs a mobile operating system, such as iOS, nnOroiO, or Windows Phone. Mobile Devices include smart phones, most tablets, and other form factors. "Multi-factor Authentication" means controlling access to computers and other lT resources by requiring two or more pieces of evidence thaitne user is who they claim to be' These pieces of evidenc6 consist of something the user knows, such as a password or PIN; something the user has such as a key card, smart cafr, or physicaltoken; and something the user is, a biometric identifier such as a fingerprint, facial scan, or retinal scan. "PlN" means a personal identification number, a series of numbers which act as a password for a device. Since PlNs are typically only four to six characters, PlNs are usually used in conjunction with another factor of authentication, such as a fingerprint. "portable Device" means any computing device with a smallform factor, designed to be transported from place to place. Portabll devices ale primarily battery powered devices with base computing resources in the form of a processor, memory, storage, and network access. Examples include, but are not limited to, mobile phon"s, tablets, and laptops. Mobile Device is a subset of Portable Device. "portable Media" means any machine readable media that may routinely be stored or moved independently of computing devices. Examples include magnetic tapes, optical discs.(CDs or DVDs), flash memory'(thurib drive) devices, external hard drives, and internal hard drives that have been removed from a computing device. "secure Area" means an area to which only authorized representatives of the entity possessing the Confidential lnformation have access, and access is controlled through use of a key, card key, combination lock, or comparable mechanism. Secure Areas may include buildings' rooms or locked storage containers (such as a flling cabinet or desk drawer)within a room, as long as access to the Confidential lnformaiion is not available to unauthorized personnel. ln otherwise Secure Areas, such as an office with restricted access, the Daia must be secured in such a way as to prevent access by non-authorized staff such as janitorial or facility security staff, when authorized Contractor staff are not present to ensure that non-authorized staff cannot access it. "Trusted Network" means a network operated and maintained by the Contractor, which includes security controls sufficient to protect DSHS Data on that network. Controls would include a firewall between any other networks, access control lists on networking devices such as routers and switches, and other such mechanisms which protect the confidentiality, integrity, and availability of the Data. ',Unique User lD" means a string of characters that identifies a specific user and which, in conjunction with a password, pissphrase or other mechanism, authenticates a user to an information system. m 2. Authority. Th n o e security require ments described in this document reflect the applicable requirements of Chief lnformation Officer for the stateStandard 141 .1 of Washington,Standards Manual. Reference material related to these requi rements can be found here ecurityclie nt-information-orivate-a nd-secure , which is a site develoPed bY the DS lnformation Office and hosted by DSHS CentralC ontracts and Legal Services. Administrative Controls, The Contractor must have the following controls in place: a. A documented security policy governing the secure use of rts computer network and systems, and 0 (https:/locio.wa.qovlpolicies) of the Offlce of the and of the DSHS lnformation Security Policy and 3 DSHS Central Contract Services 6017CF County Program Agreement (10-31-2017)Page'10