Workstation/Laptop encryption All workstations and laptops that process and/or store County PHI or PI must be encrypted using a FIPS 140-2 certified algorithm which is 128bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk unless approved by the County Information Security Office.
Switching System Hierarchy and Trunking Requirements For purposes of routing ECI traffic to Verizon, the subtending arrangements between Verizon Tandem Switches and Verizon End Office Switches shall be the same as the Tandem/End Office subtending arrangements Verizon maintains for the routing of its own or other carriers’ traffic (i.e., traffic will be routed to the appropriate Verizon Tandem subtended by the terminating End Office serving the Verizon Customer). For purposes of routing Verizon traffic to ECI, the subtending arrangements between ECI Tandem Switches and ECI End Office Switches shall be the same as the Tandem/End Office subtending arrangements that ECI maintains for the routing of its own or other carriers’ traffic.
Password To enable you, and only you, to use the Service, you will be asked to choose a password when you register and are accepted as a customer of the Service. This password is stored in encrypted form by us. You are responsible for maintaining the confidentiality of your Funds Transfer customer number and password. No one at OneUnited Bank has access to your Accounts passwords or user ID's. You are responsible for uses of the Service whether or not actually or expressly authorized by you. Therefore, it is important that you DO NOT SHARE YOUR ACCOUNT NUMBER OR PASSWORD WITH ANYONE FOR ANY REASON. No one at OneUnited Bank will know or need to know your password, and OneUnited Bank employees will never ask for your password. If you believe your password has been lost or stolen, or that someone has transferred or may transfer money from your Account without your permission, call: (877) ONE-UNITED or fax: (▇▇▇) ▇▇▇-▇▇▇▇, or e-mail: ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇.▇▇▇, or write: Funds Transfer Administrator, OneUnited Bank ▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇▇, Los Angeles, CA, 90016. You agree to notify us AT ONCE if you believe your password has been lost or stolen. Telephoning us promptly is the best way to protect yourself from possible losses. If you never tell us, you could lose all of the money in your account (plus your maximum overdraft line of credit). However, if you tell us within 2 business days, you can lose no more than $50 if someone used your password without your permission. If you do NOT tell us within 2 business days after you learn of the loss or theft of your password, and we can prove we could have stopped someone from using your password without your permission if you had told us, you could lose as much as $500. You can see a complete statement of all your funds transfers effected or pending at any time by clicking on the History tab. If your statement shows transfers that you did not make, notify us AT ONCE. If you do not tell us within 60 days after the transfer was posted to your statement, you may not get back any money you lost after the 60 days, if we can prove that we could have stopped someone from taking the money if you had told us in time. If a good reason (such as a long trip or a hospital stay) kept you from telling us, we will extend the time periods.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
System Logging The system must maintain an automated audit trail which can 20 identify the user or system process which initiates a request for PHI COUNTY discloses to 21 CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY, 22 or which alters such PHI. The audit trail must be date and time stamped, must log both successful and 23 failed accesses, must be read only, and must be restricted to authorized users. If such PHI is stored in a 24 database, database logging functionality must be enabled. Audit trail data must be archived for at least 3 25 years after occurrence.
