82-75-420  <<  82-75-430 >>   82-75-440

WAC 82-75-430

WA-APCD infrastructure.

(1) The data vendor must limit access to the secure site. Personnel allowed access must be based on the principle of least privilege and have an articulable need to know or access the site.
(2) The data vendor must conduct annual penetration testing and have specific requirements around the timing of penetration and security testing of infrastructure used to host the WA-APCD by the outside firm. The results of penetration and security testing must be documented and the data vendor must provide the summary results, along with a corrective action plan and remediation timelines, to the office and the office of the state chief information security officer within thirty calendar days of receipt of the results.
[Statutory Authority: Chapter 43.371 RCW. WSR 17-08-079, ยง 82-75-430, filed 4/4/17, effective 5/5/17.]
Site Contents
Selected content listed in alphabetical order under each group