Encryption of Data Clause Samples

Encryption of Data. (a) Contractor and Contractor Parties, at its own expense, shall encrypt any and all electronically stored data now or hereafter in its possession or control located on non-state owned or managed devices that the State, in accordance with its existing state policies classifies as confidential or restricted. The method of encryption shall be compliant with the State of Connecticut Enterprise Wide Technical Architecture (EWTA) as it may be amended from time to time. This shall be a continuing obligation for compliance with the EWTA standard as it may change from time to time. (b) In the event of a breach of security or loss of State data, the Contractor or Contractor Parties shall notify the client agency which owns the data, the Connecticut Department of Information Technology and the Connecticut Office of the Attorney General as soon as practical but no later than 24 hours after the discovery of suspicion of such breach or loss that such data has been compromised through breach or loss.

Encryption of Data. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services;

Encryption of Data. A. Data at Rest. The Contractor shall ensure encryption of Personal Data and Non-Public Data within the Contractor’s possession or control is consistent with validated cryptography standards as referenced in Federal Information Processing Standard (FIPS) 140 Publication Series. B. Data in Transit. The Contractor shall ensure all Personal Data and Non-Public Data is encrypted when transmitted across networks to protect against eavesdropping of network traffic by unauthorized users. In cases where source and target endpoint devices are within the same protected subnet, Personal Data and Non-Public Data transmission must still be encrypted due to the potential for high negative impact of a covered Data Breach. The types of transmission may include client-to-server, server-to-server communication, as well as any data transfer between core systems and third party systems. 1) Where an endpoint device is reachable via web interface, web traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols, such as Transport Layer Security (TLS 1.2 or 1.3). 2) Non-web transmission of Personal Data and Non-Public Data should be encrypted via application level encryption. 3) Where the application database resides outside of the application server, the connection between the database and application should also be encrypted using Federal Information Processing Standard (FIPS) compliant cryptographic algorithms referenced in FIPS Publication 197. 4) Where application level encryption is not available for non-web Personal Data and Non- Public Data traffic, network level encryption such as Internet Protocol Security (IPSec) or SSH tunneling shall be implemented. 5) Email is not secure and shall not be used to transmit Personal Data and Non-Public Data.

Encryption of Data. With Jamf’s standard Hosted Services, Customer Content is encrypted in- transit to the Hosted Services and stored encrypted at-rest. Encryption solutions will be deployed with no less than 256-bit Advanced Encryption Standard (AES) encryption.

Encryption of Data. A. Data at Rest. The Contractor shall ensure encryption of Personal Data and Non-Public Data within the Contractor’s possession or control is consistent with validated cryptography standards as referenced in Federal Information Processing Standard (FIPS) 140 Publication Series.

Encryption of Data a. The Contractor, at its own expense, shall encrypt any and all electronically stored data now or hereafter in its possession or control located on non-State owned or managed devices that the State, in accordance with its existing state policies, classifies as confidential or restricted. The method of encryption shall be compliant with the State of Connecticut Enterprise Wide Technical Architecture ("EWTA") or such other method as deemed acceptable by the Agency. This shall be a continuing obligation for compliance with the EWTA standard as it may change from time to time. b. The Contractor and Contractor Parties shall notify the State, the Agency, and the Connecticut Office of the Attorney General as soon as practical, but no later than twenty-four (24) hours after they become aware of or suspect that any and all data which Contractor has come to possess or control under subsection 1 above have been subject to a "data breach". For the purpose of this Section, a "data breach" is an occurrence where (a) any or all of the data are misplaced, lost, stolen or in any way compromised; or (2) one or more third parties have had access to or taken control or possession of any or all of the data without prior written authorization from the Agency. c. In addition to the notification requirements of subsection 2, should a data breach occur, the Contractor shall, within three (3) business days after the notification, present to the State, the Agency and the Connecticut Office of the Attorney General, for review and approval, a credit monitoring or protection plan that the Contractor shall make available at its own cost and expense to all individuals affected by the data breach. Unless otherwise agreed to in writing by the Connecticut Office of the Attorney General, such a plan shall be offered to each such individual free of charge and shall consist of, at a minimum, the following: 1) Reimbursement for the cost of placing and lifting one (1) security freeze per credit file pursuant to Connecticut General Statute Section 36a-701a; 2) Credit monitoring services consisting of automatic daily monitoring of at least three (3) relevant credit bureaus reports; 3) Fraud resolution services, including writing dispute letters, initiating fraud alerts and security freezes, to assist affected individuals to bring matters to resolution; and 4) Identity theft insurance with at least $25,000 coverage. Such monitoring or protection plans shall cover a length of time commensurate with...

Encryption of Data. A. Data at Rest. The provider has disclosed to Contractor that its (the provider) encrypts Non-Public Data based on cryptography standards as referenced in Federal Information Processing Standard (FIPS) 140 Publication Series.

Encryption of Data. (a) The Contractor, at its own expense, shall encrypt any and all electronically stored data now or hereafter in its possession or control located on non-state owned or managed devices that the State, in accordance with its existing state policies classifies as confidential or restricted. The method of encryption shall be compliant with the State of Connecticut Enterprise Wide Technical Architecture (“EWTA”) or such other method as deemed acceptable by the Agency. This shall be a continuing obligation for compliance with the EWTA standard as it may change from time to time. The EWTA domain architecture documents can be found at ▇▇▇▇://▇▇▇.▇▇.▇▇▇/doit/cwp/view.asp?a=1245&q=253968. (b) In the event of a breach of security or loss of State data, the Contractor shall notify the Agency and the OAG as soon as practical but not later than twenty-four (24) hours after the discovery or suspicion of such breach or loss that such data has been comprised through breach or loss. The requirements of this section are in addition to those that may apply under Part II, Section E.

Encryption of Data. Company shall encrypt, at minimum, Restricted AHS Information using Strong Encryption when transmitted over the internet (i.e., “data in transit”) or any other un-trusted network. Company shall also encrypt using Strong Encryption, at minimum, Restricted AHS Information when stored on any system (i.e., “data at rest”), including, but not limited to, servers, workstations, mobile devices, backup tapes, removable media, or any other electronic storage medium. In addition to the foregoing, AHS reserves the right to request at any time implementation of data encryption requirements as it relates to Confidential AHS Information.