Common use of Encryption Standards Clause in Contracts

Encryption Standards. Stored Data Contractor’s and Subcontractors’ workstations and portable devices that are used to access, store, receive and/or transmit County PI, PHI or MI (e.g., mobile, wearables, tablets, thumb drives, external hard drives) require encryption (i.e., software and/or hardware) in accordance with: (a) Federal Information Processing Standard Publication (FIPS) 140-2, (b) National Institute of Standards and Technology (NIST) Special Publication 800-57 Recommendation for Key Management – Part 1: General (Revision 3), (c) NIST Special Publication 800-57 Recommendation for Key Management – Part 2: Best Practices for Key Management Organization; and (d) NIST Special Publication 800-111 Guide to Storage Encryption Technologies for End User Devices. Advanced Encryption Standard (AES) with cipher strength of 256-bit is minimally required. Contractor’s and Subcontractors’ use of remote servers (e.g., cloud storage, Software-as-a-Service or SaaS) for storage of County PI, PHI and/or MI will be subject to written pre-approval by the County’s Chief Executive Office.

Encryption Standards. Stored Data Contractor’s and Subcontractors’ workstations and portable devices that are used to access, store, receive and/or transmit County PI, PHI or MI (e.g., mobile, wearables, tablets, thumb drives, external hard drives) require encryption (i.e., software and/or hardware) in accordance with: (a) Federal Information Processing Standard Publication (FIPS) 140-2, (b) National Institute of Standards and Technology (NIST) Special Publication 800-57 Recommendation for Key Management – Part 1: General (Revision 3), (c) NIST Special Publication 800-57 Recommendation for Key Management – Part 2: Best Practices for Key Management Organization; and (d) NIST Special Publication 800-111 Guide to Storage Encryption Technologies for End User Devices. Advanced Encryption Standard (AES) with cipher strength of 256-bit is minimally required. Contractor’s and Subcontractors’ use of remote servers (e.g., cloud storage, Software-as-a-Service or SaaS) for storage of County PI, PHI and/or MI will be subject to written pre-pre- approval by the County’s Chief Executive Office.

Encryption Standards. Stored Data Contractor’s and Subcontractors’ workstations and portable devices that are used to access, store, receive and/or transmit County PI, PHI or MI (e.g., mobile, wearables, tablets, thumb drives, external hard drives) require encryption (i.e., software and/or hardwaresoftware) in accordance with: (a) Federal Information Processing Standard Publication (FIPS) 140-2, (b) National Institute of Standards and Technology (NIST) Special Publication 800-57 Recommendation for Key Management – Part 1: General (Revision 3), (c) NIST Special Publication 800-57 Recommendation for Key Management – Part 2: Best Practices for Key Management Organization; and (d) NIST Special Publication 800-111 Guide to Storage Encryption Technologies for End User Devices. Advanced Encryption Standard (AES) with cipher strength of 256-bit is minimally required. Contractor’s and Subcontractors’ use of remote servers (e.g., cloud storage, Software-as-a-Service or SaaS) for storage of County PI, PHI and/or MI will be subject to written pre-pre- approval by the County’s Chief Executive Office.