Data Encryption In Transit and At Rest Sample Clauses

The Data Encryption In Transit and At Rest clause requires that all data handled under the agreement is protected by encryption both while being transmitted over networks and when stored on devices or servers. In practice, this means that sensitive information such as personal data, financial records, or proprietary business information must be encrypted using industry-standard protocols like TLS for data in transit and AES for data at rest. The core function of this clause is to safeguard confidential data from unauthorized access or breaches, thereby reducing the risk of data theft or loss and ensuring compliance with data protection regulations.
Data Encryption In Transit and At Rest. The Contractor shall encrypt all data in transit, regardless of transit mechanism, and at rest. Encryption Standards The Contractor’s encryption shall meet validated cryptography standards as specified by the National Institute of Standards and Technology in FIPS 140-2 and subsequent security requirements guidelines. The Contractor and State of Montana will negotiate mutually acceptable key location and key management details. √ √ 13. System Security Contractor Responsibility Contractor shall ensure systems delivered are adequately secure. Adequate security is defined to require compliance with federal and State of Montana security requirements and to ensure freedom from those conditions that may impair the State's use of its data and information technology or permit unauthorized access to the State's data or information technology. State Security Policy, Framework, Standards, and Controls The State of Montana has established security policy, framework, standards, and controls that align with the ISO27001:2013 Framework. Managerial, Operational, and Technical Controls All computer systems receiving, processing, storing, or transmitting State of Montana data must meet the control requirements for the associated security categorization within ISO27001:2013. To meet functional and assurance requirements, the security features of the environment must provide for the managerial, operational, and technical controls. All security features must be available and activated to protect against unauthorized use of and access to State of Montana data. Independent Security Audits Contractor shall provide reasonable proof, through independent audit reports, that the system specified in delivering the services meets or exceeds federal and State of Montana security requirements to ensure adequate security and privacy, confidentiality, integrity, and availability of the State's data and information technology. Annual Assurance Annual assurance statements shall be delivered to the Contract Manager. Annual assurance statements must contain a detailed accounting of the security controls implemented. √ √
View Source
Data Encryption In Transit and At Rest. The Contractor shall encrypt all data in transit, regardless of transit mechanism, and at rest. Encryption Standards The Contractor’s encryption shall meet validated cryptography standards as specified by the National Institute of Standards and Technology in FIPS 140-2 and subsequent security requirements guidelines. If applicable, the Contractor and State of Montana will negotiate mutually acceptable key location and key management details. X X 13. System Security Contractor Responsibility Contractor shall ensure its systems are adequately secure. Adequate security is defined to require compliance with federal and State of Montana security requirements and to ensure freedom from those conditions that may impair the State's use of its data and information technology or permit unauthorized access to the State's data or information technology. State
View Source

Related to Data Encryption In Transit and At Rest

  • Data Encryption 2.1. For all COUNTY data, The CONTRACTOR shall encrypt all non-public data in transit regardless of the transit mechanism. 2.2. For all COUNTY data, if the CONTRACTOR stores sensitive personally identifiable or otherwise confidential information, this data shall be encrypted at rest. Examples are social security number, date of birth, driver’s license number, financial data, federal/state tax information, and hashed passwords. 2.3. For all COUNTY data, the CONTRACTOR’S encryption shall be consistent with validated cryptography standards as specified in National Institute of Standards and Technology Security Requirements as outlined at ▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇▇.▇▇▇/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf

  • Protection of Customer Data The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved by the Customer. To the extent that the Customer Data is held and/or Processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format (if any) specified by the Customer in the Call Off Order Form and, in any event, as specified by the Customer from time to time in writing. The Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall perform secure back-ups of all Customer Data and shall ensure that up-to-date back-ups are stored off-site at an Approved location in accordance with any BCDR Plan or otherwise. The Supplier shall ensure that such back-ups are available to the Customer (or to such other person as the Customer may direct) at all times upon request and are delivered to the Customer at no less than six (6) Monthly intervals (or such other intervals as may be agreed in writing between the Parties). The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). If at any time the Supplier suspects or has reason to believe that the Customer Data is corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a Default so as to be unusable, the Supplier may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of Customer Data to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer, and the Supplier shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Customer’s notice; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer.