Utah.gov - An official website

Security

Security

The State of Utah and Utah.gov take Internet security very seriously. Our technology and policies are designed to make your online transactions safe, private, and secure. Rigorous policies and procedures are utilized to safeguard your personal information, such as social security numbers, banking information, and personal data.

Internal security groups as well as third party security assessors scan Utah.gov servers and the various online services regularly. Utah.gov systems are routinely monitored for threats and appropriate precautions are taken to mitigate known threats.

We encourage all Utah.gov users to use strong passwords and change them regularly to minimize risk.

Utah dot gov security

Whenever you see this icon on a Utah State government webpage, the following security measures have been taken:

HTTPS - Hypertext Transfer Protocol Secure (HTTPS) is more secure than the Hypertext Transfer Protocol (HTTP) because all information passed back and forth is encrypted using Transport Layer Security (TLS) which was formerly called SSL. This has been done for your protection and privacy. This provides a reasonable assurance that one is communicating directly with the intended website without interference by attackers or impostors.

HTTPS used to only be used for payment transactions. Since 2017, HTTPS has been used by Utah.gov to protect page authenticity; secure accounts; and keep user communications, identity, and web browsing private.

Secure Internal Networks - Data transferred between databases is done using a secure protocol. For example, in many cases sFTP or Virtual Private Networks (VPN) are utilized to ensure that only authorized users can access the network and no one can intercept data.

Data Storage Policies - Unless necessary, Utah.gov does not permanently store financial information so it cannot be retrieved or compromised.

Physical Location Security - All physical locations where hardware and software are located are physically secured and only accessible by individuals with proper credentials.

Payment Card Industry Data Security Standards (PCI DSS) Compliant - Adherence to performance measurements outlined in the PCI DSS annual self evaluation, as well as submission to regular scans from third party auditors to search for network vulnerabilities.

Application Security - Software tools are employed to scan for individual application vulnerabilities.

The State of Utah and Utah.gov work hard to protect your personal information while you do business with government online.