Encryption Requirements Clause Samples
The Encryption Requirements clause mandates that certain data or communications must be protected using specified encryption standards. Typically, this clause outlines which types of information—such as personal data, financial records, or confidential business materials—must be encrypted both in transit and at rest, and may reference industry standards like AES or TLS. Its core function is to safeguard sensitive information from unauthorized access, thereby reducing the risk of data breaches and ensuring compliance with privacy regulations.
Encryption Requirements. i) Vendor shall implement full-disk encryption on any built-in or removable storage media in any Vendor controlled Personal Computer, portable computer, or any other personal computing device which may access, store, process, transmit, or create Cardholder Data. All such encryption shall minimally meet the Advanced Encryption Standard with a 256-bit cypher key (“AES-256”) as outlined in the Federal Information Processing Standards Publication 197 (“FIPS 197”).
ii) Vendor shall encrypt all Cardholder Data stored on Vendor servers or other mass storage devices, even if those servers and devices are contained within a secured, hardened data center (data at rest encryption). Such encryption shall minimally meet the aforementioned AES-256 requirement.
iii) Vendor shall encrypt all Cardholder Data placed on any removable storage device or media by Vendor per the above standard.
iv) Vendor shall ensure that all passwords are transmitted securely and encrypted when in storage. In the event that a hashing algorithm is used, Vendor must use a randomly-generated salt.
v) All encryption covered under provision shall comply with the following minimum standards:
(1) Cryptography and cryptographic algorithm use should be limited to technology that has undergone public scrutiny and review by reputable agencies.
(2) The date the cryptography and cryptographic algorithms were acquired should be retained in application or other appropriate documentation.
(3) For systems that are engaged in financial transactions, only those algorithms and key lengths documented in ANSI X9 may be used. In all other cases, only algorithms and key lengths approved by the National Institute of Standards and Technology (NIST) in the Cryptographic Module Validation Program (CMVP) or Cryptographic Algorithm Validation Program (CAVP) may be used. It is required that tested and available encryption Application Program Interfaces (APIs) or other vendor supplied and tested modules be used instead of creating an algorithm or using an unapproved and/or untested algorithm.
(4) Encryption and/or Decryption keys must be adequately secured and only those trusted associates who have a “need to know” should be given access to them. Storage of these keys must be separate and distinct from the encrypted data. All compromised keys must be retired and replaced in a timely fashion.
Encryption Requirements. Seller will use, and will cause Seller Personnel to use, appropriate forms of encryption or other secure technologies at all times in connection with the Processing of Carrier Information, including in connection with any transfer, communication, remote access or storage (including back-up storage) of Carrier Information, as authorized or permitted under the Agreement and/or Order. Notwithstanding any provision to the contrary herein, Buyer Personal Information shall not be stored on any Seller mobile computing devices (e.g. laptop computers, PDAs (personal digital assistants), etc.)
Encryption Requirements. (1) Strong encryption is used for all encryption of at least 256 bits.
(2) Encryption keys are reliably managed.
Encryption Requirements. Custodian will encrypt any laptops or mobile devices (e.g., tablets and smartphones) containing Fund Confidential Information used by Custodian’s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).
Encryption Requirements. DST will not locally store Fund Data on any laptops or mobile devices (e.g., Blackberries, PDAs) managed by DST.
Encryption Requirements. Transfer Agent will not locally store Fund Data on any laptops or mobile devices (e.g., Blackberries, PDAs) managed by Transfer Agent.
Encryption Requirements. State Street will encrypt any laptops or mobile devices (e.g., tablets and smartphones) containing Client Data used by State Street’s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).
Encryption Requirements. DST shall encrypt any laptops or mobile devices (e.g., Blackberries, PDAs) containing Client Data used by DST’s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).
Encryption Requirements. The following requirements apply when supplier has possession of UTC Information. Encryption algorithms used must be of sufficient strength to equate to 128-bit RC-4 or better. All cryptography technologies used must be published and approved by the general cryptographic community.
(a) Encrypt all UTC Information stored on Supplier computer systems and backup media.
(b) Encrypt all UTC Information transferred across public networks.
(c) Encrypt all UTC Information stored on Supplier mobile computing devices (e.g. laptop computers, PDAs (personal digital assistants), etc.)
Encryption Requirements. The Contractor shall establish, maintain, and enforce (and Contractor shall ensure its affiliates and subcontractors establish, maintain, and enforce) a written policy that prohibits the sending of any State Data that is customarily considered to be sensitive or confidential in nature (including social security number, home address and medical information) by electronic mail. This written policy must be provided to the Department within sixty (60) days of execution of the Contract. The Contractor agrees to encrypt the transmission of all State Data that is customarily considered to be sensitive or confidential in nature (including social security number, home address and medical information), whether or not it is sent through MFMP or through other electronic means. The Contractor shall obtain the Department’s approval for the encryption software and procedures used by Contractor. The foregoing encryption requirement under this section shall not apply to messages sent over secure, dedicated lines:
a. From Contractor employees and Individual Contractors to other Contractor employees or Individual Contractors, or
b. From the Contractor to the Department, a Covered Entity or a member of the Covered Population. The Contractor shall be permitted to receive emails or other electronic transmissions from the Department or a Customer containing any State Data; further, in the event of such transmission, Contractor shall protect the confidentiality of such data. Contractor shall ensure that all laptop computers, tablets and other portable computer or data storage devices used to access State Data shall have “full disc” encryption. Contractor shall require its subcontractors to comply with the requirements to the extent applicable to subcontractor’s services.
