Common use of Application Encryption Clause in Contracts

Application Encryption. The Contractor will provide: i. Encryption of database columns and indexes for data at rest. ii. Encryption of flat files at rest and in motion. iii. Network encryption at the session layer (or lower) to secure communication streams that traverse un-trusted networks; and to provide encryption for sensitive data in motion across any network. iv. Field-level encryption so custom applications can secure pertinent information within a communication stream. v. Key management for secure creation, storage, and retrieval of encryption keys. The Contractor will utilize transparent data encryption (TDE) a full-database-level bulk encryption technique for all data at rest. The Contractor will ensure any data that is written into the database file is encrypted including all database columns and indexes and that data that is in use is not encrypted. Data in motion will be protected by the SSL/TLS protocol standard between the server and any browser clients consuming or writing data over untrusted networks. The Contractor’s database schema will include several instances where cell or field-level encryption will be implemented for those scenarios where the database is accessed by a non- browser based custom application that may or may not be protected over a secure protocol or has the potential of storing data locally for later use. The Contractor will support strong asymmetric keys for encryption approach.

Application Encryption. The Contractor will provide: i. Encryption of database columns and indexes for data at rest. ii. Encryption of flat files at rest and in motion. iii. Network encryption at the session layer (or lower) to secure communication streams that traverse un-trusted networks; and to provide encryption for sensitive data in motion across any network. iv. Field-level encryption so custom applications can secure pertinent information within a communication stream. v. Key management for secure creation, storage, and retrieval of encryption keys. The Contractor will utilize transparent data encryption (TDE) a full-database-level bulk encryption technique for all data at rest. The Contractor will ensure any data that is written into the database file is encrypted including all database columns and indexes and that data that is in use is not encrypted. Data in motion will be protected by the SSL/TLS protocol standard between the server and any browser clients consuming or writing data over untrusted networks. The Contractor’s database schema will include several instances where cell or field-level encryption will be implemented for those scenarios where the database is accessed by a non- non-browser based custom application that may or may not be protected over a secure protocol or has the potential of storing data locally for later use. The Contractor will support strong asymmetric keys for encryption approach.