Section 182-70-430 - WA-APCD infrastructure(1) The data vendor must limit access to the secure site. Personnel allowed access must be based on the principle of least privilege and have an articulable need to know or access the site.(2) The data vendor must conduct annual penetration testing and have specific requirements around the timing of penetration and security testing of infrastructure used to host the WA-APCD by the outside firm. The results of penetration and security testing must be documented and the data vendor must provide the summary results, along with a corrective action plan and remediation timelines, to the authority and the office of the state chief information security officer within thirty calendar days of receipt of the results.Wash. Admin. Code § 182-70-430
WSR 19-24-090, recodified as § 182-70-430, filed 12/3/19, effective 1/1/20Amended by WSR 20-08-059, Filed 3/25/2020, effective 4/25/2020Statutory Authority: Chapter 43.371 RCW. WSR 17-08-079, § 82-75-430, filed 4/4/17, effective 5/5/17.