Security
Agencies/state entities must protect user privacy, data integrity and sensitive information.
Transport Layer Security – Websites shall, at minimum, use Transport Layer Security (TLS) certificates (formerly referred to as Secure Socket Layer (SSL) certificates) that adhere to a minimum Secure Hash Algorithm (SHA) 2 and 2048- bit key encryption. At minimum the full Agency/state entity name shall be provided as the “unit” for TLS certificate purposes. The contact person(s) named in a TLS certificate must be consistent with the contact(s) registered for the domain. Agency/state entities shall verify contacts are consistent as part of the annual Domain Name Certification process, see SAM Section 5195.
Extended Validation – Websites that process, store or transmit financial transactions and/or Personal Information, as defined by Civil Code Section 1798.3, shall use an Extended Validation (EV) TLS certificate.
Request a Security Certificate through CDT
Current CDT customers may obtain a security certificate to secure data across computer networks and provide encryption. If you do not have a CDT Remedy account and would like a certificate, please contact the CDT Service Desk at 916-464-4311.