New Hampshire Specific Data Security Requirements. The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizat...
New Hampshire Specific Data Security Requirements. The Provider agrees to comply with the “Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education as it exists on the date of this Agreement (available at: xxxxx://xxx.xxxxxxxxx.xx.xxx/data/documents/minimum- standards-privacy.pdf).
New Hampshire Specific Data Security Requirements. The Provider agrees to continue to adopt technologies, safeguards and practices in alignment with the NIST Cybersecurity Framework (NIST SP 800-53 rev 4 or newer, Low Impact Baseline or higher). The Provider’s NIST “Current Profile” is available upon request.
New Hampshire Specific Data Security Requirements. The Provider agrees to the privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education as set forth in the “iCivics compliance notes” column of the table set forth on Exhibit “F.” The LEA hereby acknowledges and agrees that the Provider’s performance of the measures in the “iCivics compliance notes” column of the table set forth on Exhibit “F” constitutes full performance of the Provider’s obligations under this Article V, Section 1(k) and
