Special Terms and Conditions <br />(1) Ensuring mitigations applied to the system don't allow end-user modification. <br />(2) Not allowing the use of dial-up connections. <br />(3) Using industry standard protocols and solutions for remote access. Examples would include <br />RADIUS and Citrix. <br />(4) Encrypting all remote access traffic from the external workstation to Trusted Network or to a <br />component within the Trusted Network. The traffic must be encrypted at all times while <br />traversing any network, including the Internet, which is not a Trusted Network. <br />(5) Ensuring that the remote access system prompts for re-authentication or performs automated <br />session termination after no more than 30 minutes of inactivity. <br />(6) Ensuring use of Multi-factor Authentication to connect from the external end point to the internal <br />end point. <br />Passwords or PIN codes may meet a lesser standard if used in conjunction with another <br />authentication mechanism, such as a biometric (fingerprint, face recognition, iris scan) or token <br />(software, hardware, smartcard, etc.). In that case: <br />(1) The PIN or password must be at least 5 letters or numbers when used in conjunction with at <br />least one other authentication factor <br />(2) Must not be comprised of all the same letter or number (11111, 22222, aaaaa would not be <br />acceptable) <br />(3) Must not contain a "run" of three or more consecutive numbers (12398, 58743 would not be <br />acceptable) <br />If the contract specifically allows for the storage of Confidential Information on a Mobile Device, <br />passcodes used on the device must: <br />(1) Be a minimum of six alphanumeric characters. <br />(2) Contain at least three unique character classes (upper case, lower case, letter, number). <br />(3) Not contain more than a three consecutive character run. Passcodes consisting of 12345 or <br />abcd12 would not be acceptable. <br />k. 
Render the device unusable after a maximum of 10 failed logon attempts. <br />5. Protection of Data. The Contractor agrees to store Data on one or more of the following media and <br />protect the Data as described: <br />a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be <br />restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User ID <br />and Hardened Password or other authentication mechanisms which provide equal or greater <br />security, such as biometrics or smart cards. <br />b. Network server disks. For Data stored on hard disks mounted on network servers and made <br />available through shared folders, access to the Data will be restricted to Authorized Users through <br />the use of access control lists which will grant access only after the Authorized User has <br />authenticated to the network using a Unique User ID and Hardened Password or other <br />DSHS Central Contract Services <br />6C17CF County Program Agreement (10-31-2017) Page 12