Laserfiche WebLink
5. <br />DSHS Central Contract Services <br />'1 769CS County Agreement (05-06-2025) <br />Special Terms and Conditions <br />(5) Ensuring that the remote access system prompts for re-authentication or performs automated <br />session termination after no more than 30 minutes of inactivity. <br />(6) Ensuring use of Multi-factor Authentication to connect from the external end point to the internal <br />end point. <br />Passwords or PIN codes may meet a lesser standard if used in conjunction with another <br />authentication mechanism, such as a biometric (fingerprint, face recognition, iris scan) or token <br />(software, hardware, smart card, etc.) in that case: <br />(1) The PIN or password must be at least 5letters or numbers when used in conjunction with at <br />least one other authentication factor <br />(2) Must not be comprised of all the same letter or number (11111,22222, aaaaa, would not be <br />acceptable) <br />(3) Must not contain a "run" of three or more consecutive numbers (12398, 98743 would not be <br />acceptable) <br />lf the contract specifically allows for the storage of Confidential lnformation on a Mobile Device, <br />passcodes used on the device must: <br />(1) Be a minimum of six alphanumeric characters. <br />(2) Contain at least three unique character classes (upper case, lower case, letter, number). <br />(3) Not contain more than a three consecutive character run. Passcodes consisting of 12345, or <br />abcd12 would not be acceptable. <br />k. Render the device unusable after a maximum of 10 failed logon attempts. <br />Protection of Data. The Contractor agrees to store Data on one or more of the following media and <br />protect the Data as described. <br />a. Hard disk drives. For Data stored on local workstation hard disks, access to the Data will be <br />restricted to Authorized User(s) by requiring logon to the local workstation using a Unique User lD <br />and Hardened Password or other authentication mechanisms, which provide equal or greater <br />security, such as biometrics or smart cards. <br />b. Network server disks. For Data stored on hard disks mounted on network servers and made <br />available through shared folders, access to the Data will be restricted to Authorized Users through <br />the use of access control lists which will grant access only after the Authorized User has <br />authenticated to the network using a Unique User lD and Hardened Password or other <br />authentication mechanisms which provide equal or greater security, such as biometrics or smart <br />cards. Data on disks mounted to such servers must be located in an area, which is accessible only <br />to authorized personnel, with access controlled through use of a key, card key, combination lock, or <br />comparable mechanism. <br />For DSHS Confidential lnformation stored on these disks, deleting unneeded Data is sufficient as <br />long as the disks remain in a Secure Area and othenuise meet the requirements lisied in the above <br />paragraph. Destruction of the Data, as outlined below in Section 8 Data Disposition, may be <br />deferred until the disks are retired, replaced, or otherwise taken out of the Secure Area. <br />Page22