Encryption Requirements Clause Samples

The Encryption Requirements clause mandates that certain data or communications must be protected using specified encryption standards. Typically, this clause outlines which types of information—such as personal data, financial records, or confidential business materials—must be encrypted both in transit and at rest, and may reference industry standards like AES or TLS. Its core function is to safeguard sensitive information from unauthorized access, thereby reducing the risk of data breaches and ensuring compliance with privacy regulations.
Encryption Requirements
i) Vendor shall utilize dedicated encryption keys. All encryption keys used to protect Customer Confidential Information shall be uniquely associated to Customer. The use of said encryption keys to encrypt non-Customer data is forbidden.
ii) All keys will be protected against modification; secret and private keys need to be protected against unauthorized disclosure.
iii) FIPS-approved or NIST-recommended cryptographic algorithms commensurate with key size shall be used whenever cryptographic services are applied.
iv) Vendor shall implement full disk encryption on any built-in or removable storage media in any Vendor controlled portable device which may access, store, process, transmit, or create Customer Confidential Information. All such encryption shall minimally meet the Advanced Encryption Standard with a 256-bit cypher key (“AES-256”) as outlined in the Federal Information Processing Standards publication 197 (“FIPS 197”).
v) Vendor shall ensure that all passwords are transmitted securely and encrypted when in storage. In the event that a hashing algorithm is used, Vendor must use a randomly-generated salt.
vi) Plaintext Encryption and/or Decryption keys must be adequately secured under split knowledge or multi-factor authentication (“MFA”) mechanisms. Only those trusted associates who have a “need to know” should be given access to the key or security environment storing keys. Storage of these keys must be separate and distinct from the encrypted data.
vii) When a Data Encryption Key (“DEK”) must be stored encrypted in a boot page of a data store, the DEK encryptor (Key Encryption Key (“KEK”)) must be separate and distinct from the encrypted data store and DEK.
viii) When a cryptographic key is compromised, all use of the key to apply cryptographic protection to information (e.g., compute a digital signature or encrypt information) shall cease, and the compromised key shall be revoked. However, the continued use of the key under controlled circumstances to remove or verify the protections (e.g., decrypt or verify a digital signature) may be warranted. All compromised keys must be retired and replaced in a timely fashion.
ix) Vendor encryption key management systems shall be designed so that the compromise of a single key compromises as little data as possible and avoids having a catastrophic weakness.
x) Vendor shall have a compromise recovery plan for restoring cryptographic security services in the event of a key compromise.
xi) Encryption keys wi...
Encryption Requirements. Seller will use, and will cause Seller Personnel to use, appropriate forms of encryption or other secure technologies at all times in connection with the Processing of Carrier Information, including in connection with any transfer, communication, remote access or storage (including back-up storage) of Carrier Information, as authorized or permitted under the Agreement and/or Order. Notwithstanding any provision to the contrary herein, Buyer Personal Information shall not be stored on any Seller mobile computing devices (e.g. laptop computers, PDAs (personal digital assistants), etc.)
Encryption Requirements. The Service Provider shall establish, maintain, and enforce (and Service Provider shall ensure its affiliates and Subcontractors establish, maintain, and enforce) a policy that prohibits the sending of any SOF Production Data that is customarily considered to be sensitive or confidential in nature (e.g., social security number) by electronic mail. The Service Provider agrees to encrypt the transmission of all SOF Production Data that is customarily considered to be sensitive or confidential in nature (e.g., social security number), whether or not it is sent through the HRIS or through other electronic means. The Service Provider shall obtain the Department’s approval for the encryption software and procedures used by Service Provider. The foregoing encryption requirement under this Section shall not apply to messages sent over secure, dedicated lines (i) from Service Provider employees and Independent Contractors to other Service Provider employees or Independent Contractors, or (ii) from the Service Provider to the Department, a Covered Entity or a member of the Covered Population. Further, notwithstanding any provision in this Contract to the contrary, Service Provider shall be permitted to receive emails or other electronic transmissions from the Department, a Covered Entity or a member of the Covered Population containing any SOF Production Data; further, in the event of such transmission, Service Provider shall protect the confidentiality of such data. Service Provider shall ensure that all laptop computers, tablets and other portable computer or data storage devices used to access SOF Production Data shall have “full disc” encryption. Service Provider shall require its Subcontractors to comply with the requirements to the extent applicable to Subcontractor’s Services.
Encryption Requirements. Custodian will encrypt any laptops or mobile devices (e.g., tablets and smartphones) containing Fund Confidential Information used by Custodian’s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).
Encryption Requirements. DST will not locally store Fund Data on any laptops or mobile devices (e.g., Blackberries, PDAs) managed by DST.
Encryption Requirements. Transfer Agent will not locally store Fund Data on any laptops or mobile devices (e.g., Blackberries, PDAs) managed by Transfer Agent.
Encryption Requirements. State Street will encrypt any laptops or mobile devices (e.g., tablets and smartphones) containing Client Data used by State Street’s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).
Encryption Requirements. DST shall encrypt any laptops or mobile devices (e.g., Blackberries, PDAs) containing Client Data used by DST’s personnel using an industry recognized encryption algorithm with at least 256 bit encryption AES (or equivalent).
Encryption Requirements. When communicating the Income Withholding for Support (IWO) through electronic transmission, precautions must be taken to ensure the security of the data. Child support agencies are encouraged to use the electronic applications provided by the federal Office of Child Support Enforcement. Other electronic means, such as encrypted attachments to emails, may be used if the encryption method is compliant with Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2).
Encryption Requirements. The Contractor shall establish, maintain, and enforce (and Contractor shall ensure its affiliates and subcontractors establish, maintain, and enforce) a written policy that prohibits the sending of any State Data that is customarily considered to be sensitive or confidential in nature (including social security number, home address and medical information) by electronic mail. This written policy must be provided to the Department within sixty (60) days of execution of the Contract. The Contractor agrees to encrypt the transmission of all State Data that is customarily considered to be sensitive or confidential in nature (including social security number, home address and medical information), whether or not it is sent through MFMP or through other electronic means. The Contractor shall obtain the Department’s approval for the encryption software and procedures used by Contractor. The foregoing encryption requirement under this section shall not apply to messages sent over secure, dedicated lines: a. From Contractor employees and Individual Contractors to other Contractor employees or Individual Contractors, or b. From the Contractor to the Department, a Covered Entity or a member of the Covered Population. The Contractor shall be permitted to receive emails or other electronic transmissions from the Department or a Customer containing any State Data; further, in the event of such transmission, Contractor shall protect the confidentiality of such data. Contractor shall ensure that all laptop computers, tablets and other portable computer or data storage devices used to access State Data shall have “full disc” encryption. Contractor shall require its subcontractors to comply with the requirements to the extent applicable to subcontractor’s services.