Encryption Standards. DST will define in its WISP minimum standards for data encryption. DST will employ approved industry standards designed to ensure that applicable requirements are implemented to protect the data. DST must: (i) encrypt Fund Confidential Information while in transit across public networks; (ii) encrypt Fund Confidential Information at rest on portable computing devices including laptops, electronic media (including removable media), and electronic storage devices. Use of removable media (floppy disk, recordable CD/DVD, USB drive, etc.) to store Fund Confidential Information must be prohibited without a business need and explicitly authorized internally. DST allows AES256 encryption on the mainframe disk controllers; however, encryption at the database layer is not implemented; and (iii) document procedures for managing encryption keys. Access to encryption keys must be restricted to named administrators governed by an access management program with at least annual review. Encryption keys must be protected in storage, and must not be stored on the same systems that perform the encryption / un-encryption.
Appears in 13 contracts
Samples: Transfer Agency and Service Agreement (Tiaa-Cref Life Funds), Transfer Agency and Service Agreement (Nuveen Investment Trust Iii), Transfer Agency and Service Agreement (Nuveen Investment Trust V)