Common use of Data in Transit Clause in Contracts

Data in Transit. The Contractor shall ensure all Personal Data and Non-Public Data is encrypted when transmitted across public networks to protect against eavesdropping of network traffic by unauthorized users. In cases where source and target endpoint devices are within the same protected subnet, Personal Data and Non-Public Data transmission must still be encrypted due to the potential for high negative impact of a covered Data Breach. The types of transmission may include client-to-server, server-to-server communication, as well as any data transfer between core systems and third party systems. 1) Where an endpoint device is reachable via web interface, web traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols, such as Transport Layer Security (TLS). 2) Non-web transmission of Personal Data and Non-Public Data should be encrypted via application level encryption. 3) Where the application database resides outside of the application server, the connection between the database and application should also be encrypted using Federal Information Processing Standard (FIPS) compliant cryptographic algorithms referenced in FIPS Publication 197. 4) Where application level encryption is not available for non-web Personal Data and Non-Public Data traffic, network level encryption such as Internet Protocol Security (IPSec) or SSH tunneling shall be implemented. 5) Email is not secure and shall not be used to transmit Personal Data and Non-Public Data.

Appears in 1 contract

Samples: Information Technology Agreement


Data in Transit. The Contractor shall ensure all Personal Data and Non-Public Data is encrypted when transmitted across public networks to protect against eavesdropping of network traffic by unauthorized users. In cases where source and target endpoint devices are within the same protected subnet, Personal Data and Non-Public Data transmission must still be encrypted due to the potential for high negative impact of a covered Data Breach. The types of transmission may include client-to-server, server-to-server communication, as well as any data transfer between core systems and third party systems. 1) Where an endpoint device is reachable via web interface, web traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols, such as Transport Layer Security (TLS). 2) Non-web transmission of Personal Data and Non-Public Data should be encrypted via application level encryption. 3) Where the application database resides outside of the application server, the connection between the database and application should also be encrypted using Federal Information Processing Standard (FIPS) compliant cryptographic algorithms referenced in FIPS Publication 197. 4) Where application level encryption is not available for non-web Personal Data and Non-Public Data traffic, network level encryption such as Internet Protocol Security (IPSec) or SSH tunneling shall be implemented. 5) Email is not secure and shall not be used to transmit Personal Data and Non-Public Data.

Appears in 1 contract

Samples: Information Technology Agreement

Data in Transit. The Contractor shall ensure all Personal Data and Non-Public Data is encrypted when transmitted across public networks to protect against eavesdropping of network traffic by unauthorized users. In cases where source and target endpoint devices are within the same protected subnet, Personal Data and Non-Public Data transmission must still be encrypted due to the potential for high negative impact of a covered Data Breach. The types of transmission may include client-to-server, server-to-server communication, as well as any data transfer between core systems and third party systems. 1) Where an endpoint device is reachable via web interface, web traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols, such as Transport Layer Security (TLS). 2) Non-web transmission of Personal Data and Non-Public Data should be encrypted via application level encryption. 3) Where the application database resides outside of the application server, the connection between the database and application should also be encrypted using Federal Information Processing Standard (FIPS) compliant cryptographic algorithms referenced in FIPS Publication 197. 4) Where application level encryption is not available for non-web Personal Data and Non-Public Data traffic, network level encryption such as Internet Protocol Security (IPSec) or SSH tunneling shall be implemented. 5) Email is not secure and shall not be used to transmit Personal Data and Non-Public Data.

Appears in 1 contract

Samples: Information Technology Agreement


Data in Transit. The Contractor shall ensure all Personal Data and Non-Public Data is encrypted when transmitted across public networks to protect against eavesdropping of network traffic by unauthorized users. In cases where source and target endpoint devices are within the same protected subnet, Personal Data and Non-Public Data transmission must still be encrypted due to the potential for high negative impact of a covered Data Breach. The types of transmission may include client-to-server, server-to-server communication, as well as any data transfer between core systems and third party systems. 1) Where an endpoint device is reachable via web interface, web traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols, such as Transport Layer Security (TLS 1.2 or 1.3). 2) Non-web transmission of Personal Data and Non-Public Data should be encrypted via application level encryption. 3) Where the application database resides outside of the application server, the connection between the database and application should also be encrypted using Federal Information Processing Standard (FIPS) compliant cryptographic algorithms referenced in FIPS Publication 197. 4) Where application level encryption is not available for non-web Personal Data and Non-Public Data traffic, network level encryption such as Internet Protocol Security (IPSec) or SSH tunneling shall be implemented. 5) Email is not secure and shall not be used to transmit Personal Data and Non-Public Data.

Appears in 1 contract

Samples: Information Technology Agreement
