My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Agenda Packet_2025-07-15
Clerk
>
Agenda Packets / Staff Reports
>
City Council (2004 - Present)
>
2025
>
07/15/2025
>
Agenda Packet_2025-07-15
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
7/9/2025 11:22:49 AM
Creation date
7/9/2025 9:14:21 AM
Metadata
Fields
Template:
City Clerk
Doc Type
Agenda Packet
Date
7/15/2025
Destruction Year
P
Jump to thumbnail
< previous set
next set >
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
1754
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Docusign Envelope ID; 72A9lE33M-BEA1-46FE-ACDD-146571B87804 <br />EXHIBIT 2 <br />B. Log both successful and failed accesses; <br />C. Be read -access only; and <br />D. Be restricted to authorized users. <br />iii. If PI I is stored in a database, database logging functionality shall be enabled. <br />iv. Audit trail data shall be archived for at least three (3) years from the occurrence. <br />I. Access Controls. The system providing access to PIE shall use role -based access controls <br />for all user authentications, enforcing the principle of least privilege. <br />m. Transmission Encryption. <br />i. All data transmissions of PH outside of a secure internal network must be <br />encrypted using a Federal Information Processing Standard (PIPS) 140-2 certified <br />algorithm that is 128 bit or higher, such as Advanced Encryption Standard (AES) <br />or Transport Layer Security (TLS). It is encouraged, when available and when <br />feasible, that 256 bit encryption be used. <br />ii. Encryption can be end to end at the network level, or the data files containing PII <br />can be encrypted. <br />iii. This requirement pertains to any type of PH in motion such as website access, file <br />transfer, and email. <br />n. Intrusion Prevention. All systems involved in accessing, storing, transporting, and <br />protecting PII, which are accessible through the Internet, must be protected by an <br />intrusion detection and prevention solution. <br />8. AUDIT CONTROLS <br />a. System Security Review. <br />i. The Contractor must ensure audit control mechanisms are in place. <br />ii. All systems processing and/or storing PH must have at least an annual system risk <br />assessment/security review that ensures administrative, physical, and technical <br />controls are functioning effectively and provide an adequate level of protection. <br />iii. Reviews should include vulnerability scanning tools. <br />b. Log Reviews. All systems processing and/or storing PH must have a processor automated <br />procedure in place to review system logs for unauthorized access. <br />c. Change Control. All systems processing and/or storing PII must have a documented <br />City Council 7 — 124 7/15/2025 <br />
The URL can be used to link to this page
Your browser does not support the video tag.