Data Encryption. Contractor shall ensure security by installing firewalls and anti-virus software on computers, ensure operating systems are updated, encrypt information and email exchanges, safeguard any information stored in computers before disposing. All Data transfer must be encrypted using 256 bit (or higher) TLS 1.2 (or higher) for HTTP traffic and SSH version 2 for any batch or real-time non-http transfers. SSL certificates must be SHA 2 and signed by a trusted third party; no self-signed certificates. Data shall be encrypted when at rest in vendor storage. Decryption of data at rest must be under control of the application and not a storage platform. All Data must be stored and transmitted in the contiguous United States of America only. No offshore data transmission (e.g. for support services) or storage (e.g. hosted site or backup, disaster recovery).
Appears in 13 contracts
Samples: Washington Statewide Contract, Washington Statewide Contract, Washington Statewide Contract