Infrastructure Vulnerability Scanning Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.
Workstation/Laptop encryption All workstations and laptops that process and/or store County PHI or PI must be encrypted using a FIPS 140-2 certified algorithm which is 128bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk unless approved by the County Information Security Office.
Television Equipment Recycling Program If this Contract is for the purchase or lease of covered television equipment, then Contractor certifies that it is compliance with Subchapter Z, Chapter 361 of the Texas Health and Safety Code related to the Television Equipment Recycling Program.
Data Location 1.1. The CONTRACTOR shall not store or transfer non-public COUNTY data outside of the United States. This includes backup data and Disaster Recovery locations. The CONTRACTOR will permit its personnel and contractors to access COUNTY data remotely only as required to provide technical support. (Remote access to data from outside the continental United States is prohibited unless approved in advance and in writing by the County.)