Common use of Access Control Clause in Contracts

Access Control. 9.17.10.1 Subrecipient shall implement formal procedures to control access to its systems, services and data, including, but not limited to, user account management procedures and other controls as outlined in this Subparagraph 9.17. Subrecipient shall ensure that network access to both internal and external networked services shall be controlled through the use of properly configured firewalls, etc. Operating systems will be used to enforce access controls to computer resources including, but not limited to, authentication, authorization and event logging. Applications will include access control to limit user access to information and application system functions. All systems will be monitored to detect deviation from access control policies and identify suspicious activity. Subrecipient shall record, review and act upon all events in accordance with incident response policies set forth herein. 9.17.10.2 Subrecipient shall develop, implement and enforce/maintain a password policy which requires users who are authorized to access confidential County Information Assets on electronic media to: create a strong complex password containing at least eight (8) characters, which shall include upper and lower case letters, digits and symbols; and, change his/her password at a minimum every ninety (90) days, etc. 9.17.10.3 Subrecipient shall develop, implement and enforce/maintain a password policy which provides for the following system requirements: when user changes his/her password, the system shall restrict user from re-using any of the last six (6) passwords; the system will lock itself after a minimum of three

Access Control. 9.17.10.1 9.18.10.1 Subrecipient shall implement formal procedures to control access to its systems, services and data, including, but not limited to, user account management procedures and other controls as outlined in this Subparagraph 9.179.18. Subrecipient shall ensure that network access to both internal and external networked services shall be controlled through the use of properly configured firewalls, etc. Operating systems will be used to enforce access controls to computer resources including, but not limited to, authentication, authorization and event logging. Applications will include access control to limit user access to information and application system functions. All systems will be monitored to detect deviation from access control policies and identify suspicious activity. Subrecipient shall record, review and act upon all events in accordance with incident response policies set forth herein. 9.17.10.2 9.18.10.2 Subrecipient shall develop, implement and enforce/maintain a password policy which requires users who are authorized to access confidential County Information Assets on electronic media to: create a strong complex password containing at least eight (8) characters, which shall include upper and lower case letters, digits and symbols; and, change his/her password at a minimum every ninety (90) days, etc. 9.17.10.3 9.18.10.3 Subrecipient shall develop, implement and enforce/maintain a password policy which provides for the following system requirements: when user changes his/her password, the system shall restrict user from re-using any of the last six (6) passwords; the system will lock itself after a minimum of three