{"component": "clause", "props": {"groups": [{"snippet": "i) Vendor shall implement full-disk encryption on any built-in or removable storage media in any Vendor controlled Personal Computer, portable computer, or any other personal computing device which may access, store, process, transmit, or create Cardholder Data. All such encryption shall minimally meet the Advanced Encryption Standard with a 256-bit cypher key (\u201cAES-256\u201d) as outlined in the Federal Information Processing Standards Publication 197 (\u201cFIPS 197\u201d).\nii) Vendor shall encrypt all Cardholder Data stored on Vendor servers or other mass storage devices, even if those servers and devices are contained within a secured, hardened data center (data at rest encryption). Such encryption shall minimally meet the aforementioned AES-256 requirement.\niii) Vendor shall encrypt all Cardholder Data placed on any removable storage device or media by Vendor per the above standard.\niv) Vendor shall ensure that all passwords are transmitted securely and encrypted when in storage. In the event that a hashing algorithm is used, Vendor must use a randomly-generated salt.\nv) All encryption covered under provision shall comply with the following minimum standards:\n(1) Cryptography and cryptographic algorithm use should be limited to technology that has undergone public scrutiny and review by reputable agencies.\n(2) The date the cryptography and cryptographic algorithms were acquired should be retained in application or other appropriate documentation.\n(3) For systems that are engaged in financial transactions, only those algorithms and key lengths documented in ANSI X9 may be used. In all other cases, only algorithms and key lengths approved by the National Institute of Standards and Technology (NIST) in the Cryptographic Module Validation Program (CMVP) or Cryptographic Algorithm Validation Program (CAVP) may be used. It is required that tested and available encryption Application Program Interfaces (APIs) or other vendor supplied and tested modules be used instead of creating an algorithm or using an unapproved and/or untested algorithm.\n(4) Encryption and/or Decryption keys must be adequately secured and only those trusted associates who have a \u201cneed to know\u201d should be given access to them. Storage of these keys must be separate and distinct from the encrypted data. All compromised keys must be retired and replaced in a timely fashion.", "snippet_links": [{"key": "vendor-shall", "type": "clause", "offset": [3, 15]}, {"key": "removable-storage-media", "type": "definition", "offset": [66, 89]}, {"key": "personal-computer", "type": "clause", "offset": [115, 132]}, {"key": "portable-computer", "type": "definition", "offset": [134, 151]}, {"key": "computing-device", "type": "definition", "offset": [175, 191]}, {"key": "cardholder-data", "type": "definition", "offset": [246, 261]}, {"key": "processing-standards", "type": "clause", "offset": [414, 434]}, {"key": "storage-devices", "type": "clause", "offset": [549, 564]}, {"key": "data-center", "type": "clause", "offset": [641, 652]}, {"key": "data-at-rest", "type": "clause", "offset": [654, 666]}, {"key": "by-vendor", "type": "clause", "offset": [851, 860]}, {"key": "above-standard", "type": "clause", "offset": [869, 883]}, {"key": "in-the-event", "type": "clause", "offset": [984, 996]}, {"key": "hashing-algorithm", "type": "definition", "offset": [1004, 1021]}, {"key": "comply-with-the", "type": "clause", "offset": [1122, 1137]}, {"key": "minimum-standards", "type": "definition", "offset": [1148, 1165]}, {"key": "and-review", "type": "clause", "offset": [1283, 1293]}, {"key": "appropriate-documentation", "type": "clause", "offset": [1433, 1458]}, {"key": "engaged-in", "type": "definition", "offset": [1485, 1495]}, {"key": "financial-transactions", "type": "clause", "offset": [1496, 1518]}, {"key": "and-key", "type": "definition", "offset": [1542, 1549]}, {"key": "in-all-other-cases", "type": "clause", "offset": [1593, 1611]}, {"key": "approved-by", "type": "definition", "offset": [1645, 1656]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [1661, 1707]}, {"key": "cryptographic-module", "type": "definition", "offset": [1722, 1742]}, {"key": "validation-program", "type": "definition", "offset": [1743, 1761]}, {"key": "application-program-interfaces", "type": "clause", "offset": [1887, 1917]}, {"key": "other-vendor", "type": "definition", "offset": [1928, 1940]}, {"key": "need-to-know", "type": "clause", "offset": [2171, 2183]}, {"key": "access-to", "type": "definition", "offset": [2201, 2210]}, {"key": "separate-and-distinct", "type": "clause", "offset": [2247, 2268]}], "samples": [{"hash": "az6Y5kag3Fe", "uri": "/contracts/az6Y5kag3Fe#encryption-requirements", "label": "Delegation Services Addendum", "score": 26.0280628204, "published": true}], "size": 3, "hash": "0e3efc10ce08463260fe4fb329d3c2e0", "id": 7}, {"snippet": "Seller will use, and will cause Seller Personnel to use, appropriate forms of encryption or other secure technologies at all times in connection with the Processing of Carrier Information, including in connection with any transfer, communication, remote access or storage (including back-up storage) of Carrier Information, as authorized or permitted under the Agreement and/or Order. Notwithstanding any provision to the contrary herein, Buyer Personal Information shall not be stored on any Seller mobile computing devices (e.g. laptop computers, PDAs (personal digital assistants), etc.)", "snippet_links": [{"key": "seller-will", "type": "clause", "offset": [0, 11]}, {"key": "seller-personnel", "type": "definition", "offset": [32, 48]}, {"key": "at-all-times", "type": "definition", "offset": [118, 130]}, {"key": "the-processing", "type": "clause", "offset": [150, 164]}, {"key": "carrier-information", "type": "definition", "offset": [168, 187]}, {"key": "in-connection-with-any-transfer", "type": "definition", "offset": [199, 230]}, {"key": "remote-access", "type": "definition", "offset": [247, 260]}, {"key": "the-agreement", "type": "clause", "offset": [357, 370]}, {"key": "notwithstanding-any-provision", "type": "clause", "offset": [385, 414]}, {"key": "buyer-personal-information", "type": "definition", "offset": [439, 465]}, {"key": "mobile-computing-devices", "type": "clause", "offset": [500, 524]}, {"key": "laptop-computers", "type": "clause", "offset": [531, 547]}], "samples": [{"hash": "dM1zZSTa0IA", "uri": "/contracts/dM1zZSTa0IA#encryption-requirements", "label": "Data Privacy & Security", "score": 35.4831619263, "published": true}, {"hash": "kWgkYX1LPX8", "uri": "/contracts/kWgkYX1LPX8#encryption-requirements", "label": "Data Privacy & Security", "score": 35.4766349792, "published": true}, {"hash": "9I4wDCVJd7p", "uri": "/contracts/9I4wDCVJd7p#encryption-requirements", "label": "Standard Terms & Conditions of Purchase", "score": 29.0955657959, "published": true}], "size": 9, "hash": "45ef63d80ec254f26e7615c86a9d57d3", "id": 4}, {"snippet": "When communicating the Income Withholding for Support (IWO) through electronic transmission, precautions must be taken to ensure the security of the data. Child support agencies are encouraged to use the electronic applications provided by the federal Office of Child Support Enforcement. Other electronic means, such as encrypted attachments to emails, may be used if the encryption method is compliant with Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2).", "snippet_links": [{"key": "income-withholding", "type": "definition", "offset": [23, 41]}, {"key": "electronic-transmission", "type": "clause", "offset": [68, 91]}, {"key": "to-ensure", "type": "clause", "offset": [119, 128]}, {"key": "security-of-the-data", "type": "clause", "offset": [133, 153]}, {"key": "the-electronic", "type": "clause", "offset": [200, 214]}, {"key": "child-support-enforcement", "type": "definition", "offset": [262, 287]}, {"key": "electronic-means", "type": "definition", "offset": [295, 311]}, {"key": "information-processing", "type": "clause", "offset": [417, 439]}, {"key": "publication-140", "type": "clause", "offset": [456, 471]}], "samples": [{"hash": "dQBHpXQVi9m", "uri": "/contracts/dQBHpXQVi9m#encryption-requirements", "label": "Parenting Time Modification Agreement", "score": 18.9890480042, "published": true}, {"hash": "bcYzngx3Bc9", "uri": "/contracts/bcYzngx3Bc9#encryption-requirements", "label": "Parenting Time Modification Agreement", "score": 18.9890480042, "published": true}], "size": 2, "hash": "bdd14b66a1d1be63154fe3e2ae8eeb41", "id": 9}, {"snippet": "Custodian will encrypt any laptops or mobile devices (e.g., tablets and smartphones) containing Fund Confidential Information used by Custodian\u2019s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).", "snippet_links": [{"key": "mobile-devices", "type": "clause", "offset": [38, 52]}, {"key": "fund-confidential-information", "type": "clause", "offset": [96, 125]}, {"key": "by-custodian", "type": "clause", "offset": [131, 143]}, {"key": "an-industry", "type": "clause", "offset": [162, 173]}, {"key": "or-equivalent", "type": "definition", "offset": [244, 257]}], "samples": [{"hash": "5hJ95n0vjqm", "uri": "/contracts/5hJ95n0vjqm#encryption-requirements", "label": "Amended and Restated Master Custodian Agreement (Laudus Trust)", "score": 34.5701560974, "published": true}, {"hash": "hUMpLkLWWXa", "uri": "/contracts/hUMpLkLWWXa#encryption-requirements", "label": "Master Custodian Agreement (Charles Schwab Family of Funds)", "score": 34.3210144043, "published": true}, {"hash": "cisKOBGAetP", "uri": "/contracts/cisKOBGAetP#encryption-requirements", "label": "Amended and Restated Master Custodian Agreement (Schwab Annuity Portfolios)", "score": 34.3210144043, "published": true}], "size": 6, "hash": "26bcfe502d2141f97426bba405d4e090", "id": 5}, {"snippet": "DST will not locally store Fund Data on any laptops or mobile devices (e.g., Blackberries, PDAs) managed by DST.", "snippet_links": [{"key": "fund-data", "type": "clause", "offset": [27, 36]}, {"key": "mobile-devices", "type": "clause", "offset": [55, 69]}], "samples": [{"hash": "4ozzv5TnqjA", "uri": "/contracts/4ozzv5TnqjA#encryption-requirements", "label": "Services Agreement (Federated Hermes Managed Pool Series)", "score": 35.3175888062, "published": true}, {"hash": "cgmh93WwA9L", "uri": "/contracts/cgmh93WwA9L#encryption-requirements", "label": "Services Agreement (Federated Hermes Insurance Series)", "score": 35.3093757629, "published": true}, {"hash": "2U7PJTsiud4", "uri": "/contracts/2U7PJTsiud4#encryption-requirements", "label": "Services Agreement (Federated Hermes High Yield Trust)", "score": 35.3093757629, "published": true}], "size": 166, "hash": "31f925ade9e967104373792f17c5f008", "id": 1}, {"snippet": "Transfer Agent will not locally store Fund Data on any laptops or mobile devices (e.g., Blackberries, PDAs) managed by Transfer Agent.", "snippet_links": [{"key": "fund-data", "type": "clause", "offset": [38, 47]}, {"key": "mobile-devices", "type": "clause", "offset": [66, 80]}, {"key": "by-transfer-agent", "type": "clause", "offset": [116, 133]}], "samples": [{"hash": "8zcVqFOZC9c", "uri": "/contracts/8zcVqFOZC9c#encryption-requirements", "label": "Transfer Agency and Service Agreement (Federated Hermes Core Trust III)", "score": 33.396987915, "published": true}, {"hash": "7JIufCyR0V2", "uri": "/contracts/7JIufCyR0V2#encryption-requirements", "label": "Transfer Agency and Service Agreement (Federated Hermes High Income Bond Fund, Inc.)", "score": 33.3915138245, "published": true}, {"hash": "5NqJzUSldJr", "uri": "/contracts/5NqJzUSldJr#encryption-requirements", "label": "Transfer Agency and Service Agreement (Federated Hermes Municipal Bond Fund, Inc.)", "score": 33.3915138245, "published": true}], "size": 95, "hash": "c1ce015c07b8630614b6967e74813b86", "id": 2}, {"snippet": "State Street will encrypt any laptops or mobile devices (e.g., tablets and smartphones) containing Client Data used by State Street\u2019s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).", "snippet_links": [{"key": "mobile-devices", "type": "clause", "offset": [41, 55]}, {"key": "client-data", "type": "definition", "offset": [99, 110]}, {"key": "by-state-street", "type": "clause", "offset": [116, 131]}, {"key": "an-industry", "type": "clause", "offset": [150, 161]}, {"key": "or-equivalent", "type": "definition", "offset": [232, 245]}], "samples": [{"hash": "arazf4yTBzs", "uri": "/contracts/arazf4yTBzs#encryption-requirements", "label": "Transfer Agency and Service Agreement (American Beacon Select Funds)", "score": 34.6536636353, "published": true}, {"hash": "fiwVBHBCfgF", "uri": "/contracts/fiwVBHBCfgF#encryption-requirements", "label": "Custody Agreement (Lord Abbett Private Credit Fund S)", "score": 34.247089386, "published": true}, {"hash": "3qxKLJsXs3V", "uri": "/contracts/3qxKLJsXs3V#encryption-requirements", "label": "Transfer Agency and Service Agreement (Lord Abbett Private Credit Fund S)", "score": 34.247089386, "published": true}], "size": 14, "hash": "5f8c126ba830fb321028b78f16e526ed", "id": 3}, {"snippet": "DST shall encrypt any laptops or mobile devices (e.g., Blackberries, PDAs) containing Client Data used by DST\u2019s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).", "snippet_links": [{"key": "mobile-devices", "type": "clause", "offset": [33, 47]}, {"key": "client-data", "type": "definition", "offset": [86, 97]}, {"key": "an-industry", "type": "clause", "offset": [128, 139]}, {"key": "or-equivalent", "type": "definition", "offset": [210, 223]}], "samples": [{"hash": "HcMvNdLdAZ", "uri": "/contracts/HcMvNdLdAZ#encryption-requirements", "label": "Agency Agreement (Federated Hermes Sustainable High Yield Bond Fund, Inc.)", "score": 34.3963050842, "published": true}, {"hash": "iNGCIVEzeLi", "uri": "/contracts/iNGCIVEzeLi#encryption-requirements", "label": "Agency Agreement (Federated Hermes Income Securities Trust)", "score": 33.9883651733, "published": true}, {"hash": "cghpWNar6pA", "uri": "/contracts/cghpWNar6pA#encryption-requirements", "label": "Agency Agreement (Federated Hermes Project & Trade Finance Tender Fund)", "score": 32.4004096985, "published": true}], "size": 4, "hash": "b4d27a5dc2749d74f37bc857f160a831", "id": 6}, {"snippet": "The following requirements apply when supplier has possession of UTC Information. Encryption algorithms used must be of sufficient strength to equate to 128-bit RC-4 or better. All cryptography technologies used must be published and approved by the general cryptographic community.\n(a) Encrypt all UTC Information stored on Supplier computer systems and backup media.\n(b) Encrypt all UTC Information transferred across public networks\n(c) Encrypt all UTC Information stored on Supplier mobile computing devices (e.g. laptop computers, PDAs (personal digital assistants), etc.)", "snippet_links": [{"key": "possession-of", "type": "clause", "offset": [51, 64]}, {"key": "utc-information", "type": "definition", "offset": [65, 80]}, {"key": "approved-by", "type": "definition", "offset": [234, 245]}, {"key": "the-general", "type": "clause", "offset": [246, 257]}, {"key": "computer-systems", "type": "definition", "offset": [334, 350]}, {"key": "backup-media", "type": "definition", "offset": [355, 367]}, {"key": "public-networks", "type": "definition", "offset": [420, 435]}, {"key": "mobile-computing-devices", "type": "clause", "offset": [487, 511]}, {"key": "laptop-computers", "type": "clause", "offset": [518, 534]}], "samples": [{"hash": "5uEVZy8mtL3", "uri": "/contracts/5uEVZy8mtL3#encryption-requirements", "label": "Services Agreement", "score": 31.3408622742, "published": true}, {"hash": "cnvqhgDy8QU", "uri": "/contracts/cnvqhgDy8QU#encryption-requirements", "label": "Services Agreement (United Technologies Corp /De/)", "score": 21.8131408691, "published": true}], "size": 2, "hash": "18fdfe7bec6e0c11bcd8d5da52c67220", "id": 8}, {"snippet": "The Contractor shall establish, maintain, and enforce (and Contractor shall ensure its affiliates and subcontractors establish, maintain, and enforce) a written policy that prohibits the sending of any State Data that is customarily considered to be sensitive or confidential in nature (including social security number, home address and medical information) by electronic mail. This written policy must be provided to the Department within sixty (60) days of execution of the Contract. The Contractor agrees to encrypt the transmission of all State Data that is customarily considered to be sensitive or confidential in nature (including social security number, home address and medical information), whether or not it is sent through MFMP or through other electronic means. The Contractor shall obtain the Department\u2019s approval for the encryption software and procedures used by Contractor. The foregoing encryption requirement under this section shall not apply to messages sent over secure, dedicated lines:\na. From Contractor employees and Individual Contractors to other Contractor employees or Individual Contractors, or\nb. From the Contractor to the Department, a Covered Entity or a member of the Covered Population. The Contractor shall be permitted to receive emails or other electronic transmissions from the Department or a Customer containing any State Data; further, in the event of such transmission, Contractor shall protect the confidentiality of such data. Contractor shall ensure that all laptop computers, tablets and other portable computer or data storage devices used to access State Data shall have \u201cfull disc\u201d encryption. Contractor shall require its subcontractors to comply with the requirements to the extent applicable to subcontractor\u2019s services.", "snippet_links": [{"key": "the-contractor-shall", "type": "clause", "offset": [0, 20]}, {"key": "affiliates-and-subcontractors", "type": "clause", "offset": [87, 116]}, {"key": "written-policy", "type": "clause", "offset": [153, 167]}, {"key": "state-data", "type": "definition", "offset": [202, 212]}, {"key": "social-security-number", "type": "definition", "offset": [297, 319]}, {"key": "home-address", "type": "clause", "offset": [321, 333]}, {"key": "medical-information", "type": "clause", "offset": [338, 357]}, {"key": "by-electronic-mail", "type": "clause", "offset": [359, 377]}, {"key": "the-department", "type": "clause", "offset": [419, 433]}, {"key": "execution-of-the-contract", "type": "clause", "offset": [460, 485]}, {"key": "contractor-agrees-to", "type": "clause", "offset": [491, 511]}, {"key": "the-transmission", "type": "clause", "offset": [520, 536]}, {"key": "electronic-means", "type": "definition", "offset": [758, 774]}, {"key": "encryption-software", "type": "clause", "offset": [838, 857]}, {"key": "and-procedures", "type": "clause", "offset": [858, 872]}, {"key": "by-contractor", "type": "clause", "offset": [878, 891]}, {"key": "the-foregoing", "type": "definition", "offset": [893, 906]}, {"key": "contractor-employees", "type": "definition", "offset": [1020, 1040]}, {"key": "individual-contractors", "type": "definition", "offset": [1045, 1067]}, {"key": "other-contractor", "type": "definition", "offset": [1071, 1087]}, {"key": "contractor-to", "type": "clause", "offset": [1140, 1153]}, {"key": "covered-entity", "type": "clause", "offset": [1172, 1186]}, {"key": "a-member-of-the", "type": "clause", "offset": [1190, 1205]}, {"key": "covered-population", "type": "definition", "offset": [1206, 1224]}, {"key": "to-receive", "type": "definition", "offset": [1260, 1270]}, {"key": "electronic-transmissions", "type": "definition", "offset": [1287, 1311]}, {"key": "department-or", "type": "definition", "offset": [1321, 1334]}, {"key": "in-the-event-of", "type": "definition", "offset": [1382, 1397]}, {"key": "contractor-shall-protect", "type": "clause", "offset": [1417, 1441]}, {"key": "laptop-computers", "type": "clause", "offset": [1509, 1525]}, {"key": "portable-computer", "type": "definition", "offset": [1545, 1562]}, {"key": "storage-devices", "type": "clause", "offset": [1571, 1586]}, {"key": "the-requirements", "type": "clause", "offset": [1707, 1723]}, {"key": "to-the-extent", "type": "clause", "offset": [1724, 1737]}, {"key": "applicable-to", "type": "clause", "offset": [1738, 1751]}], "samples": [{"hash": "jE9WdxXUb1V", "uri": "/contracts/jE9WdxXUb1V#encryption-requirements", "label": "Contract for Next Generation Myfloridamarketplace", "score": 32.5133666992, "published": true}, {"hash": "6sSh56SFpw8", "uri": "/contracts/6sSh56SFpw8#encryption-requirements", "label": "Contract for Next Generation Myfloridamarketplace DMS 20/21 150", "score": 32.4942054749, "published": true}], "size": 2, "hash": "568bc4e8cd2ac723fb211c776cef6728", "id": 10}], "next_curs": "CmASWmoVc35sYXdpbnNpZGVyY29udHJhY3RzcjwLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IiBlbmNyeXB0aW9uLXJlcXVpcmVtZW50cyMwMDAwMDAwYQyiAQJlbhgAIAA=", "clause": {"children": [["encryption-standards", "Encryption Standards"], ["encryption-key-management", "Encryption Key Management"], ["encryption-at-rest", "Encryption at Rest"]], "parents": [["miscellaneous", "Miscellaneous"], ["cooperation-with-respect-to-examinations-and-audits", "Cooperation with Respect to Examinations and Audits"], ["services", "Services"], ["use-of-laptop-and-mobile", "Use of Laptop and Mobile"], ["use-of-laptop-and-mobile-devices-in-connection-with-the-agreement", "Use of Laptop and Mobile Devices in Connection With the Agreement"]], "title": "Encryption Requirements", "size": 336, "id": "encryption-requirements", "related": [["information-requirements", "Information Requirements", "Information Requirements"], ["graduation-requirements", "GRADUATION REQUIREMENTS", "GRADUATION REQUIREMENTS"], ["notification-requirements", "Notification Requirements", "Notification Requirements"], ["certification-requirements", "Certification Requirements", "Certification Requirements"], ["information-requirement", "Information Requirement", "Information Requirement"]], "related_snippets": [], "updated": "2026-04-30T06:05:53+00:00", "also_ask": ["What minimum encryption standards should be specified to ensure legal and industry compliance?", "How can parties negotiate liability for breaches resulting from encryption failures?", "What are the risks if encryption requirements are vaguely defined or technology becomes obsolete?", "How do these encryption requirements compare to those in similar contracts or regulatory frameworks?", "What evidence is needed to prove compliance with encryption obligations in court?"], "drafting_tip": "Specify encryption standards, mandate key management protocols, and require regular updates to ensure data security, regulatory compliance, and protection against evolving threats.", "explanation": "The Encryption Requirements clause mandates that certain data or communications must be protected using specified encryption standards. Typically, this clause outlines which types of information\u2014such as personal data, financial records, or confidential business materials\u2014must be encrypted both in transit and at rest, and may reference industry standards like AES or TLS. Its core function is to safeguard sensitive information from unauthorized access, thereby reducing the risk of data breaches and ensuring compliance with privacy regulations."}, "json": true, "cursor": ""}}