Common use of Computer Security Safeguards Clause in Contracts

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have current security patches applied and up-to-date.

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure . G. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have current security patches applied and up-to-date. H. Ensure that all Medi-Cal PII is wiped from systems when the data is no longer legally required. The Contractor shall ensure that the wipe method conforms to Department of Defense standards for data destruction. I. Ensure that any remote access to Medi-Cal PII is established over an encrypted session protocol using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. The Contractor shall ensure that all remote access is limited to minimum necessary and least privilege principles.

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have current security patches applied and up-to-date. H. Ensure that all Medi-Cal PII is wiped from systems when the data is no longer legally required. The Contractor shall ensure that the wipe method conforms to Department of Defense standards for data destruction. I. Ensure that any remote access to Medi-Cal PII is established over an encrypted session protocol using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. The Contractor shall ensure that all remote access is limited to minimum necessary and least privilege principles.

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure G. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have current security patches applied and up-to-date.

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure Ensure that all workstations, laptops and other systems that process and/or store Medi-Medi- Cal PII have current security patches applied and up-to-date. G. Ensure that all Medi-Cal PII is wiped from systems when the data is no longer legally required. The Contractor shall ensure that the wipe method conforms to Department of Defense standards for data destruction. H. Ensure that any remote access to Medi-Cal PII is established over an encrypted session protocol using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. The Contractor shall ensure that all remote access is limited to minimum necessary and least privilege principles.

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure G. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have current security patches applied and up-to-date. H. Ensure that all Medi-Cal PII is wiped from systems when the data is no longer legally required. The Contractor shall ensure that the wipe method conforms to Department of Defense standards for data destruction. I. Ensure that any remote access to Medi-Cal PII is established over an encrypted session protocol using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. The Contractor shall ensure that all remote access is limited to minimum necessary and least privilege principles.

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Medi- Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure . G. Ensure that all workstations, laptops and other systems that process and/or store Medi-Medi- Cal PII have current security patches applied and up-to-date. H. Ensure that all Medi-Cal PII is wiped from systems when the data is no longer legally required. The Contractor shall ensure that the wipe method conforms to Department of Defense standards for data destruction. I. Ensure that any remote access to Medi-Cal PII is established over an encrypted session protocol using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. The Contractor shall ensure that all remote access is limited to minimum necessary and least privilege principles.

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI.. Addendum A – page 4 C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure . G. Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have current security patches applied and up-to-date. H. Ensure that all Medi-Cal PII is wiped from systems when the data is no longer legally required. The Contractor shall ensure that the wipe method conforms to Department of Defense standards for data destruction. I. Ensure that any remote access to Medi-Cal PII is established over an encrypted session protocol using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. The Contractor shall ensure that all remote access is limited to minimum necessary and least privilege principles.

Computer Security Safeguards. The Contractor agrees to comply with the general computer security safeguards, system security controls, and audit controls in this section. In order to comply with the following general computer security safeguards, the Contractor agrees to: A. Encrypt portable computer devices, such as laptops and notebook computers that process and/or store Medi-Cal PII, with a solution using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution. One source of recommended solutions is specified on the California Strategic Sourced Initiative (CSSI) located at the following link: ▇▇▇.▇▇.▇▇▇.▇▇.▇▇▇/▇▇▇▇▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇. The Contractor shall use an encryption solution that is full-disk unless otherwise approved by DHCS. B. Encrypt workstations where Medi-Cal PII is stored using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. C. Ensure that only the minimum necessary amount of Medi-Cal PII is downloaded to a laptop or hard drive when absolutely necessary for current business purposes. D. Encrypt all electronic files that contain Medi-Cal PII when the file is stored on any removable media type device (i.e. USB thumb drives, floppies, CD/DVD, etc.) using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. E. Ensure that all emails sent outside the Contractor’s e-mail environment that include Medi-Medi- Cal PII are sent via an encrypted method using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. F. Ensure that all workstations, laptops and other systems that process and/or store Medi-Medi- Cal PII have a commercial third-party anti-virus software solution and are updated when a new anti-virus definition/software release is available. G.Ensure Ensure that all workstations, laptops and other systems that process and/or store Medi-Cal PII have current security patches applied and up-to-date. G. Ensure that all Medi-Cal PII is wiped from systems when the data is no longer legally required. The Contractor shall ensure that the wipe method conforms to Department of Defense standards for data destruction. H. Ensure that any remote access to Medi-Cal PII is established over an encrypted session protocol using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI. The Contractor shall ensure that all remote access is limited to minimum necessary and least privilege principles.