My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Agenda Packet_2025-07-15
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
07/15/2025
>
Agenda Packet_2025-07-15
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/9/2025 11:22:49 AM
Creation date
7/9/2025 9:14:21 AM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Date
7/15/2025
Destruction Year
P
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
1754
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Docusign Envelope 110: 72A91B3B-BEA1-46FE-ACDD-146571BB7814 <br />EXHIBIT 2 <br />7. TECHNICAL SECURITY CONTROLS <br />a. Workstation/Laptop Encryption. All workstations and laptops, which use, store and/or <br />process PII, must be encrypted using a FIPS 140-2 certified algorithm 128 bit or higher, <br />such as Advanced Encryption Standard (AES). The encryption solution must be full disk. It <br />is encouraged, when available and when feasible, that the encryption be 256 bit. <br />b. Server Security. Servers containing unencrypted PH must have sufficient administrative, <br />physical, and technical controls in place to protect that data, based upon a risk <br />assessment/system security review. It is recommended to follow the guidelines <br />documented in the latest revision of the National Institute of Standards and Technology <br />(MIST) Special Publication (SP) 800-53, Security and Privacy Controls for Federal <br />Information Systems and Organizations. <br />c. Minimum Necessary. Only the minimum necessary amount of PI1 required to perform <br />required business functions may be accessed, copied, downloaded, or exported. <br />d. Mobile Device and Removable Media. All electronic files, which contain PII data, must <br />be encrypted when stored on any mobile device or removable media (i.e. USB drives, <br />CD/DVD, smartphones, tablets, backup tapes etc.). Encryption must be a FIPS 140-2 <br />certified algorithm 128 bit or higher, such as AES. It is encouraged, when available and <br />when feasible, that the encryption be 256 bit. <br />e. Antivirus Software. All workstations, laptops and other systems, which process and/or <br />store Pli, must install and actively use an antivirus software solution. Antivirus software <br />should have automatic updates for definitions scheduled at least daily. <br />f. Patch Management. <br />i. All workstations, laptops and other systems, which process and/or store Pll, must <br />have critical security patches applied, with system reboot if necessary. <br />ii. There must be a documented patch management process that determines <br />installation timeframe based on risk assessment and vendor recommendations. <br />iii. At a maximum, all applicable patches deemed as critical must be installed within <br />thirty (30) days of vendor release. It is recommended that critical patches which <br />are high risk be installed within seven (7) days. <br />iv. Applications and systems that cannot be patched within this time frame, due to <br />significant operational reasons, must have compensatory controls implemented <br />to minimize risk. <br />6 <br />City Council 7 — 122 7/15/2025 <br />
The URL can be used to link to this page
Your browser does not support the video tag.