Docusign Envelope ID:72A91 B38-BEA1-46FE-AGDD-1406711387804

7. TECHNICAL SECURITY CONTROLS

a. Workstation/Laptop Encryption. All workstations and laptops, which use, store and/or process PII, must be encrypted using a FIPS 140-2 certified algorithm 128 bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk. It is encouraged, when available and when feasible, that the encryption be 256 bit.

b. Server Security. Servers containing unencrypted PII must have sufficient administrative, physical, and technical controls in place to protect that data, based upon a risk assessment/system security review. It is recommended to follow the guidelines documented in the latest revision of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy Controls for Federal Information Systems and Organizations.

c. Minimum Necessary. Only the minimum necessary amount of PII required to perform required business functions may be accessed, copied, downloaded, or exported.

d. Mobile Device and Removable Media. All electronic files, which contain PII data, must be encrypted when stored on any mobile device or removable media (i.e. USB drives, CD/DVD, smartphones, tablets, backup tapes etc.). Encryption must be a FIPS 140-2 certified algorithm 128 bit or higher, such as AES. It is encouraged, when available and when feasible, that the encryption be 256 bit.

e. Antivirus Software. All workstations, laptops and other systems, which process and/or store PII, must install and actively use an antivirus software solution. Antivirus software should have automatic updates for definitions scheduled at least daily.

f. Patch Management.

   i. All workstations, laptops and other systems, which process and/or store PII, must have critical security patches applied, with system reboot if necessary.

   ii. There must be a documented patch management process that determines installation timeframe based on risk assessment and vendor recommendations.

   iii. At a maximum, all applicable patches deemed as critical must be installed within thirty (30) days of vendor release. It is recommended that critical patches which are high risk be installed within seven (7) days.

   iv. Applications and systems that cannot be patched within this time frame, due to significant operational reasons, must have compensatory controls implemented to minimize risk.