County of Santa Clara Security Policy
Purpose of Policy
This policy addresses the measures taken to safeguard the integrity of the County’s telecommunications and computing infrastructure, including but not limited to authentication, monitoring, auditing, and encryption. The following sections of our Security Policy explain these uses:
A. Security Measures
B. Site Monitoring
C. User Registration and Authentication
1.1. Security Measures
Security measures have been integrated into the design, implementation, and day-to-day practices of the entire County operating environment as part of its continuing commitment to risk management.
Users connect to and register with the County of Santa Clara via a secure network protocol, and user information is transmitted through secure lines to our departmental database. This database caches personal preferences (e.g., content views) and information that could potentially be used to identify individual users (e.g., e-mail address).
The technical standards governing security are enforced by the County’s Information Services Division. These standards are generally derived from Generally Accepted Security Principles and Practices for Securing Information Technology Systems, published by the National Institute of Standards and Technology, a division of the United States Department of Commerce.
1.2. Site Monitoring
The County of Santa Clara provides this website and the information it contains as a public service. This system is monitored to ensure proper operation, to verify the functioning of applicable security features, and for comparable purposes. Anyone using this system expressly consents to such monitoring. Unauthorized attempts to modify any information stored on this system, to defeat or circumvent security features, or to utilize this system for other than its intended purposes are prohibited and may result in criminal prosecution.
1.3. User Registration and Authentication
Users register with the County of Santa Clara via a secure network protocol. Users will be sent an email to confirm their registration with the County website. This email will contain their username and password. In order to complete their registration, users must explicitly accept the County of Santa Clara’s policy statement.
During registration users create a password for use during login. Passwords must adhere to the following criteria:
- A minimum length of 6 characters and a maximum of 12.
- Passwords should only contain a-z, A-Z, 0-9, “-“, “_”, or “.”.
- Passwords must contain at least two of the four character classes listed above.
As a precaution, users will be sent to the “Forgot Password” page after 4 failed attempts to input a correct password, and an account will be locked after 12 failed attempts.