Common use of Protection and Transmission of NYS Confidential Information Clause in Contracts

Protection and Transmission of NYS Confidential Information. Contractor shall use appropriate means to preserve and protect NYS Confidential Information. This includes, but is not limited to, use of stable storage media, regular data backups and archiving, password protection of volumes, and data encryption. Consistent with the NYS Encryption Standard at: xxxxx://xxx.xx.xxx/tables/technologypolicyindex, to the extent doing so is applicable based on the specific services provided by Contractor to ITS under the Contract, the Contractor must encrypt NYS Confidential Information at rest, on file storage, on database storage, or on back-up media, and in transit in accordance with Local, State, and Federal laws, rules, regulations, ordinances, policies, standards, and guidelines. The Contractor must provide the ability to encrypt data in motion and at rest in compliance with state or federal law. Contractor must use secure means (HTTPS) for all electronic transmission or exchange of system, user, and application data with the State, with encryption at rest specifically using, at minimum, the latest FIPS approved cryptographic modules, and the secure means used for electronic transmission or exchange of system, user and application data with the State shall be HTTPS, TLS version 1.2 or higher. Contractor agrees that to the extent it has been authorized in writing to use such storage, any and all NYS Confidential Information will only be stored, processed, and maintained solely on designated target devices, and that no NYS Confidential Information at any time will be processed on or transferred to any portable computing device or any portable storage medium. Contractor shall also comply fully with all requirements of the Contract pertaining to security requirements specific to the services Contractor is providing to the State under the Contract. In addition to the specific security provisions required herein, Contractor shall also use, to the extent the following meets or exceeds NYS Information Security polices and standards, commercially reasonable best efforts to address and remediate any vulnerabilities associated with the types of application development or configuration services it is providing under the Contract which appear on the CWE/SANS list of the "TOP 25 Most Dangerous Programming Errors" (xxxx://xxx.xxxx.xxx/top25errors/). When a vulnerability scan is being conducted as required by applicable NYS Information Security policies and standards, and reveals software application vulnerabilities or any other security risks attendant to a provided solution, Contractor is responsible for ensuring those vulnerabilities and risks are remediated to ITS' reasonable satisfaction.

Protection and Transmission of NYS Confidential Information. Contractor shall use appropriate means to preserve and protect NYS Confidential Information. This includes, but is not limited to, use of stable storage media, regular data backups and archiving, password protection of volumes, and data encryption. Consistent with the NYS Encryption Standard at: xxxxx://xxx.xx.xxx/tables/technologypolicyindex, to the extent doing so is applicable based on the specific services provided by Contractor to ITS under the this Contract, the Contractor must encrypt NYS Confidential Information at rest, on file storage, on database storage, or on back-up media, and in transit in accordance with Local, State, state and Federal lawsfederal law, rules, regulations, ordinances, policies, standards, and guidelinesrequirements. The Contractor must provide the ability to encrypt data in motion and at rest in compliance with state or federal law. Contractor must use secure means (HTTPS) for all electronic transmission or exchange of system, user, user and application data with the State, with encryption at rest specifically using, at minimum, the latest FIPS 140.2 approved cryptographic modules, and the secure means used for electronic transmission or exchange of system, user and application data with the State shall be HTTPS, TLS version 1.2 or higher. Contractor agrees that to the extent it has been authorized in writing to use such storage, any and all NYS Confidential Information will only be stored, processed, processed and maintained solely on designated target devices, and that no NYS Confidential Information at any time will be processed on or transferred to transferredto any portable computing device or any portable storage medium, unless that device or storage medium is a necessary and approved component of the authorized business processes covered in the Contract or a specific Transaction Document hereunder and or any amendment thereof, or of the Contractor’s designated backup and recovery processes, and is encrypted in accordance with the requirements of this Contract and in compliance with all current federal, State, or local statutes, regulations, ordinances, and requirements. Contractor shall also comply fully with all requirements of the this Contract pertaining to security requirements specific to the services Contractor is providing to the State ITS under the this Contract. In addition to the specific security provisions required herein, Contractor shall also use, to the extent the following meets or exceeds NYS Information Security polices and standards, use commercially reasonable best efforts to address and remediate any vulnerabilities associated with the types of application development or configuration services it is providing under the this Contract which appear on the CWE/SANS list of the "TOP 25 Most Dangerous Programming Errors" ” (xxxx://xxx.xxxx.xxx/top25errors/). When a vulnerability scan is being conducted as required by applicable NYS Information Security policies and standards, and If any application security scanning undertaken hereunder reveals software application vulnerabilities or any orany other security risks attendant to a provided solution, Contractor is responsible for ensuring those vulnerabilities and risks are remediated to ITS' reasonable satisfaction.

Protection and Transmission of NYS Confidential Information. Contractor shall use appropriate means to preserve and protect NYS Confidential Information. This includes, but is not limited to, use of stable storage media, regular data backups and archiving, password protection of volumes, and data encryption. Consistent with the NYS Encryption Standard at: xxxxx://xxx.xx.xxx/tables/technologypolicyindex, to the extent doing so is applicable based on the specific services provided by Contractor to ITS under the this Contract, the Contractor must encrypt NYS Confidential Information at rest, on file storage, on database storage, or on back-up media, and in transit in accordance with Local, State, state and Federal lawsfederal law, rules, regulations, ordinances, policies, standards, and guidelinesrequirements. The Contractor must provide the ability to encrypt data in motion and at rest in compliance with state or federal law. Contractor must use secure means (HTTPS) for all electronic transmission or exchange of system, user, user and application data with the State, with encryption at rest specifically using, at minimum, the latest FIPS 140.2 approved cryptographic modules, and the secure means used for electronic transmission or exchange of system, user and application data with the State shall be HTTPS, TLS version 1.2 or higher. Contractor agrees that to the extent it has been authorized in writing to use such storage, any and all NYS Confidential Information will only be stored, processed, processed and maintained solely on designated target devices, and that no NYS Confidential Information at any time will be processed on or transferred to any portable computing device or any portable storage medium, unless that device or storage medium is a necessary and approved component of the authorized business processes covered in the Contract or a specific transactional document hereunder and or any amendment thereof, or of the Contractor’s designated backup and recovery processes, and is encrypted in accordance with the requirements of this Contract and in compliance with all current federal, State, or local statutes, regulations, ordinances, and requirements. Contractor shall also comply fully with all requirements of the this Contract pertaining to security requirements specific to the services Contractor is providing to the State ITS under the this Contract. In addition to the specific security provisions required herein, Contractor shall also use, to the extent the following meets or exceeds NYS Information Security polices and standards, use commercially reasonable best efforts to address and remediate any vulnerabilities associated with the types of application development or configuration services it is providing under the this Contract which appear on the CWE/SANS list of the "TOP 25 Most Dangerous Programming Errors" (xxxx://xxx.xxxx.xxx/top25errors/). When a vulnerability scan is being conducted as required by applicable NYS Information Security policies and standards, and If any application security scanning undertaken hereunder reveals software application vulnerabilities or any orany other security risks attendant to a provided solution, Contractor is responsible for ensuring those vulnerabilities and risks are remediated to ITS' reasonable satisfaction.

Protection and Transmission of NYS Confidential Information. Contractor shall use appropriate means to preserve and protect NYS Confidential Information. This includes, but is not limited to, use of stable storage media, regular data backups and archiving, password protection of volumes, and data encryption. Consistent with the NYS Encryption Standard at: xxxxx://xxx.xx.xxx/tables/technologypolicyindex, to the extent doing so is applicable based on the specific services provided by Contractor to ITS under the this Contract, the Contractor must encrypt NYS Confidential Information at rest, on file storage, on database storage, or on back-up media, and in transit in accordance with Local, State, state and Federal lawsfederal law, rules, regulations, ordinances, policies, standards, and guidelinesrequirements. The Contractor must provide the ability to encrypt data in motion and at rest in compliance with state or federal law. Contractor must use secure means (HTTPS) for all electronic transmission or exchange of system, user, user and application data with the State, with encryption at rest specifically using, at minimum, the latest FIPS 140.2 approved cryptographic modules, and the secure means used for electronic transmission or exchange of system, user and application data with the State shall be HTTPS, TLS version 1.2 or higher. Contractor agrees that to the extent it has been authorized in writing to use such storage, any and all NYS Confidential Information will only be stored, processed, processed and maintained solely on designated target devices, and that no NYS Confidential Information at any time will be processed on or transferred to any portable computing device or any portable storage medium, unless that device or storage medium is a necessary and approved component of the authorized business processes covered in the Contract or a specific Transaction Document hereunder and or any amendment thereof, or of the Contractor’s designated backup and recovery processes, and is encrypted in accordance with the requirements of this Contract and in compliance with all current federal, State, or local statutes, regulations, ordinances, and requirements. Contractor shall also comply fully with all requirements of the this Contract pertaining to security requirements specific to the services Contractor is providing to the State ITS under the this Contract. In addition to the specific security provisions required herein, Contractor shall also use, to the extent the following meets or exceeds NYS Information Security polices and standards, use commercially reasonable best efforts to address and remediate any vulnerabilities associated with the types of application development or configuration services it is providing under the this Contract which appear on the CWE/SANS list of the "TOP 25 Most Dangerous Programming Errors" (xxxx://xxx.xxxx.xxx/top25errors/). When a vulnerability scan is being conducted as required by applicable NYS Information Security policies and standards, and If any application security scanning undertaken hereunder reveals software application vulnerabilities or any other security risks attendant to a provided solution, Contractor is responsible for ensuring those vulnerabilities and risks are remediated to ITS' reasonable satisfaction.