Encryption of Data. Encryption solutions will be deployed with no less than 256-bit Advanced Encryption Standard (AES) encryption.
Encryption of Data. A. Data at Rest. The Contractor shall ensure encryption of Personal Data and Non-Public Data within the Contractor’s Encrypted Forms module and process is consistent with validated cryptography standards as referenced in Federal Information Processing Standard (FIPS) 140 Publication Series.
B. Data in Transit. The Contractor shall ensure all Personal Data and Non-Public Data is encrypted when transmitted across networks to protect against eavesdropping of network traffic by unauthorized users. In cases where source and target endpoint devices are within the same protected subnet, Personal Data and Non-Public Data transmission must still be encrypted due to the potential for high negative impact of a covered Data Breach. The types of transmission may include client-to-server, server-to-server communication, as well as any data transfer between core systems and third party systems.
1) Where an endpoint device is reachable via web interface, web traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols, such as Transport Layer Security (TLS).
2) Non-web transmission of Personal Data and Non-Public Data should be encrypted via application level encryption.
3) Where the application database resides outside of the application server, the connection between the database and application should also be encrypted using Federal Information Processing Standard (FIPS) compliant cryptographic algorithms referenced in FIPS Publication 197.
4) Where application level encryption is not available for non-web Personal Data and Non-Public Data traffic, network level encryption such as Internet Protocol Security (IPSec) or SSH tunneling shall be implemented.
5) Email is not secure and shall not be used to transmit Personal Data and Non-Public Data.
Encryption of Data. (a) Contractor and Contractor Parties, at its own expense, shall keep and maintain in an encrypted state any and all electronically stored data now or hereafter in its possession or control located on non-state owned or managed devices that the State, in accordance with its existing state policies classifies as confidential or restricted. The method of encryption shall be compliant with the State of Connecticut Enterprise Wide Technical Architecture (EWTA). This shall be a continuing obligation for compliance with the EWTA standard as it may be amended or supplemented from time to time.
(b) In the event of a breach of security or loss of State data, the Contractor and Contractor Parties shall notify the state agency which owns the data, the Connecticut Department of Information Technology and the Connecticut Office of the Attorney General as soon as practical but no later than 24 hours after the discovery or reason to believe such breach or loss that such data has been compromised through breach or loss.
Encryption of Data. A. Data at Rest. The Contractor shall ensure encryption of Personal Data and Non-Public Data within the Contractor’s possession or control is consistent with validated cryptography standards as referenced in Federal Information Processing Standard (FIPS) 140 Publication Series.
Encryption of Data. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;
Encryption of Data. With Jamf’s standard Hosted Services, Customer Content is encrypted in- transit to the Hosted Services and stored encrypted at-rest. Encryption solutions will be deployed with no less than 256-bit Advanced Encryption Standard (AES) encryption.
Encryption of Data. 1. The Contractor, at its own expense, shall encrypt any and all electronically stored data now or hereafter in its possession or control located on non-State owned or managed devices that the State, in accordance with its existing state policies, classifies as confidential or restricted. The method of encryption shall be compliant with the State of Connecticut Enterprise Wide Technical Architecture ("EWTA") or such other method as deemed acceptable by the Agency. This shall be a continuing obligation for compliance with the EWTA standard as it may change from time to time.
2. The Contractor and Contractor Parties shall notify the State, the Agency, and the Connecticut Office of the Attorney General as soon as practical, but no later than twenty-four (24) hours after they become aware of or suspect that any and all data which Contractor has come to possess or control under subsection 1 above have been subject to a "data breach". For the purpose of this Section, a "data breach" is an occurrence where (a) any or all of the data are misplaced, lost, stolen or in any way compromised; or (2) one or more third parties have had access to or taken control or possession of any or all of the data without prior written authorization from the Agency.
3. In addition to the notification requirements of subsection 2, should a data breach occur, the Contractor shall, within three (3) business days after the notification, present to the State, the Agency and the Connecticut Office of the Attorney General, for review and approval, a credit monitoring or protection plan that the Contractor shall make available at its own cost and expense to all individuals affected by the data breach. Unless otherwise agreed to in writing by the Connecticut Office of the Attorney General, such a plan shall be offered to each such individual free of charge and shall consist of, at a minimum, the following:
a. Reimbursement for the cost of placing and lifting one (1) security freeze per credit file pursuant to Connecticut General Statute Section 36a-701a;
b. Credit monitoring services consisting of automatic daily monitoring of at least three (3) relevant credit bureaus reports;
c. Fraud resolution services, including writing dispute letters, initiating fraud alerts and security freezes, to assist affected individuals to bring matters to resolution; and
d. Identity theft insurance with at least $25,000 coverage. Such monitoring or protection plans shall cover a length of time commensurate with...
Encryption of Data a) All Contractor Parties, at their own expense, shall encrypt any and all electronically-stored data related to this Contract now or hereafter in their possession or control and located on non-State owned or managed devices, which the State classifies as confidential or restricted (“State data”). The method of encryption shall be compliant with the State’s Enterprise Wide Technical Architecture (“EWTA”). This shall be a continuing obligation for compliance with the EWTA standard as it may change from time to time.
b) In the event of a breach of security or loss of State data, the Contractor shall notify the client agency that owns the data, the Connecticut Department of Information Technology and the Connecticut Office of the Attorney General as soon as practical, but no later than twenty-four (24) hours after the discovery of or suspicion that such data has been compromised through breach or loss.
Encryption of Data. Company shall encrypt, at minimum, Restricted AHS Information using Strong Encryption when transmitted over the internet (i.e., “data in transit”) or any other un-trusted network. Company shall also encrypt using Strong Encryption, at minimum, Restricted AHS Information when stored on any system (i.e., “data at rest”), including, but not limited to, servers, workstations, mobile devices, backup tapes, removable media, or any other electronic storage medium. In addition to the foregoing, AHS reserves the right to request at any time implementation of data encryption requirements as it relates to Confidential AHS Information.
Encryption of Data. Company shall encrypt, at minimum, Sensitive PII, and Restricted AHS Information using Strong Encryption when transmitting via the Internet or any other un-trusted network. Company shall also encrypt, using Strong Encryption, at minimum, Sensitive PII and/or Restricted AHS Information when it is stored on any system or electronic medium including but not limited to servers, workstations, mobile devices, backup tapes, removable media, or any other electronic storage medium. AHS reserves the right to request Company implement Encryption requirements on any data relating to Confidential Information of AHS.
