HTML has links - PDF has Authentication
182-70-420  <<  182-70-430 >>   182-70-440

PDFWAC 182-70-430

WA-APCD infrastructure.

(1) The data vendor must limit access to the secure site. Personnel allowed access must be based on the principle of least privilege and have an articulable need to know or access the site.
(2) The data vendor must conduct annual penetration testing and have specific requirements around the timing of penetration and security testing of infrastructure used to host the WA-APCD by the outside firm. The results of penetration and security testing must be documented and the data vendor must provide the summary results, along with a corrective action plan and remediation timelines, to the authority and the office of the state chief information security officer within thirty calendar days of receipt of the results.
[Statutory Authority: RCW 41.05.021, 41.05.160 and 43.371.020. WSR 20-08-059, § 182-70-430, filed 3/25/20, effective 4/25/20. WSR 19-24-090, recodified as § 182-70-430, filed 12/3/19, effective 1/1/20. Statutory Authority: Chapter 43.371 RCW. WSR 17-08-079, § 82-75-430, filed 4/4/17, effective 5/5/17.]