Applicable Security Control Framework Compliance Sample Clauses

Applicable Security Control Framework Compliance. The vendor must have an awareness and understanding of the NIST Special Publication 800-53 Security Control Framework and employ safeguards that meet or exceed the moderate level controls as defined within the standard. The respondent must provide sufficient safeguards to provide reasonable protections around the Commonwealth’s data to ensure that the confidentiality, integrity, and availability is maintained at an appropriate level. These include but are not limited to:

  • Access Control The vendor must employ policy and process that provide for stringent control to limit physical and logical access to systems that house Commonwealth data, on a need-to-know basis, provide clear separation of duties, and adhere to least privilege principles.

  • Awareness and Training The vendor must provide the appropriate role-specific training for staff to ensure that there is awareness and understanding of roles and responsibilities as they relate to the protections around the Commonwealth’s data.

  • Audit and Accountability There must be sufficient auditing capability to ensure that actions are tracked and there is individual accountability for all actions taken by vendor staff.

  • Configuration Management The vendor must work within established baselines that provide minimal functionality needed to ensure service delivery without exposing unnecessary risk. The vendor must also employ structured change control processes that provide a level of coordination with the client agreed upon in a Service Level Agreement (SLA).

Related to Applicable Security Control Framework Compliance

  • HIPAA Compliance If this Contract involves services, activities or products subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Contractor covenants that it will appropriately safeguard Protected Health Information (defined in 45 CFR 160.103), and agrees that it is subject to, and shall comply with, the provisions of 45 CFR 164 Subpart E regarding use and disclosure of Protected Health Information.

  • DBE/HUB Compliance The Engineer’s subcontracting program shall comply with the requirements of Attachment H of the contract (DBE/HUB Requirements).

  • FERPA Compliance In connection with all FERPA Records that Contractor may create, receive or maintain on behalf of University pursuant to the Underlying Agreement, Contractor is designated as a University Official with a legitimate educational interest in and with respect to such FERPA Records, only to the extent to which Contractor (a) is required to create, receive or maintain FERPA Records to carry out the Underlying Agreement, and (b) understands and agrees to all of the following terms and conditions without reservation:

  • CEQA Compliance The District has complied with all assessment requirements imposed upon it by the California Environmental Quality Act (Public Resource Code Section 21000 et seq. (“CEQA”) in connection with the Project, and no further environmental review of the Project is necessary pursuant to CEQA before the construction of the Project may commence.

  • Requesting Price Increase/Required Documentation Contractor must submit a written notification at least thirty (30) calendar days prior to the requested effective date of the change, setting the amount of the increase, along with an itemized list of any increased prices, showing the Contractor’s current price, revised price, the actual dollar difference and the percentage of the price increase by line item. Price change requests must include H-GAC Forms D Offered Item Pricing and E Options Pricing, or the documentation used to submit pricing in the original Response and be supported with substantive documentation (e.g. manufacturer's price increase notices, copies of invoices from suppliers, etc.) clearly showing that Contractor's actual costs have increased per the applicable line item bid. The Producer Price Index (PPI) may be used as partial justification, subject to approval by H-GAC, but no price increase based solely on an increase in the PPI will be allowed. This documentation should be submitted in Excel format to facilitate analysis and updating of the website. The letter and documentation must be sent to the Bids and Specifications manager, Xxxxxxx Xxxxxx, at Xxxxxxx.Xxxxxx@x-xxx.xxx Review/Approval of Requests If H-GAC approves the price increase, Contractor will be notified in writing; no price increase will be effective until Contractor receives this notice. If H-GAC does not approve Contractor’s price increase, Contractor may terminate its performance upon sixty (60) days advance written notice to H-GAC, however Contractor must fulfill any outstanding Purchase Orders. Termination of performance is Contractor’s only remedy if H-GAC does not approve the price increase. H-GAC reserves the right to accept or reject any price change request.

  • Year 2000 Compliance Each Party warrants that it has implemented a program the goal of which is to ensure that all software, hardware and related materials (collectively called “Systems”) delivered, connected with BellSouth or supplied in the furtherance of the terms and conditions specified in this Agreement: (i) will record, store, process and display calendar dates falling on or after January 1, 2000, in the same manner, and with the same functionality as such software records, stores, processes and calendar dates falling on or before December 31, 1999; and (ii) shall include without limitation date data century recognition, calculations that accommodate same century and multicentury formulas and date values, and date data interface values that reflect the century.

  • Additional Request Requirements In addition to the requirements of Subparagraph 22A, the request for a WA must provide:

  • TRADE CONTROL COMPLIANCE a. The Parties shall comply with all export and import laws, regulations, decrees, orders, and policies of the United States Government and the Government of any country in which the Parties conduct business pursuant to this Contract, including but not limited to the Export Administration Regulations (“EAR”) of the U.S. Department of Commerce, the International Traffic in Arms Regulations (“ITAR”) of the U.S. Department of State, the U.S. Customs & Border Protection Regulations, the Harmonized Tariff Schedule, and the antiboycott and embargo regulations and guidelines as set forth in the EAR and in the U.S. Department of the Treasury, Office of Foreign Assets Control (collectively, “Trade Control Laws”).

  • ADA Compliance A. The Americans with Disabilities Act (42 U.S.C. § 12101, et seq.) and the regulations thereunder (28 C.F.R. § 35.130) (“ADA”) prohibit discrimination against persons with disabilities by the State, whether directly or through contractual arrangements, in the provision of any aid, benefit, or service. As a condition of receiving this Agreement, the Company certifies that services, programs, and activities provided under this Agreement are and will continue to be in compliance with the ADA.

  • PCI-DSS Compliance Merchant shall be in full compliance with rules, regulations, guidelines and procedures adopted by any Card Association or Payment Network relating to the privacy and security of Cardholder and Card transaction data, including without limitation the most up-to-date version of the Payment Card Industry Data Security Standard (PCI-DSS), as amended from time to time by the Payment Card Industry Security Standards Council. Detailed information pertaining to aforementioned requirements may be found at xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx. Additional information regarding security requirements may be found on the Card Association’s respective web sites.
