Applicable Security Control Framework Compliance Sample Clauses

Applicable Security Control Framework Compliance. The vendor must have an awareness and understanding of the NIST Special Publication 800-53 Security Control Framework and employ safeguards that meet or exceed the moderate level controls as defined within the standard. These controls must provide sufficient safeguards to provide reasonable protections around the Commonwealth’s data to ensure that the confidentiality, integrity, and availability is maintained at an appropriate level. These include but are not limited to:

  • Access Control. The vendor must employ policy and process that provide for stringent control to limit physical and logical access to systems that house Commonwealth data to a need to know basis and provide clear separation of duties.

  • Awareness and Training. The vendor must provide the appropriate role specific training for staff to ensure that there is awareness and understanding of roles and responsibilities as they relate to the protections around the Commonwealth’s data.

  • Audit and Accountability. There must be sufficient auditing capability to ensure that actions are tracked and there is individual accountability for all actions taken by vendor staff.

  • Configuration Management. The vendor must work within established baselines that provide minimal functionality needed to ensure service delivery without exposing unnecessary risk. The vendor must also employ structured change control processes that provide a level of coordination with the client agreed upon in a Service Level Agreement (SLA).
Applicable Security Control Framework Compliance. The vendor must have an awareness and understanding of the NIST Special Publication 800-53 Security Control Framework and employ safeguards that meet or exceed the moderate level controls as defined within the standard. The respondent must provide sufficient safeguards to provide reasonable protections around the Commonwealth’s data to ensure that the confidentiality, integrity, and availability is maintained at an appropriate level. These include but are not limited to:

  • Access Control. The vendor must employ policy and process that provide for stringent control to limit physical and logical access to systems that house Commonwealth data, on a need to know basis, provide clear separation of duties, and adheres to least privilege principles.

  • Awareness and Training. The vendor must provide the appropriate role specific training for staff to ensure that there is awareness and understanding of roles and responsibilities as they relate to the protections around the Commonwealth’s data.

  • Audit and Accountability. There must be sufficient auditing capability to ensure that actions are tracked and there is individual accountability for all actions taken by vendor staff.

  • Configuration Management. The vendor must work within established baselines that provide minimal functionality needed to ensure service delivery without exposing unnecessary risk. The vendor must also employ structured change control processes that provide a level of coordination with the client agreed upon in a Service Level Agreement (SLA).

Related to Applicable Security Control Framework Compliance

  • Regulation M Compliance The Company has not, and to its knowledge no one acting on its behalf has, (i) taken, directly or indirectly, any action designed to cause or to result in the stabilization or manipulation of the price of any security of the Company to facilitate the sale or resale of any of the Securities, (ii) sold, bid for, purchased, or, paid any compensation for soliciting purchases of, any of the Securities, or (iii) paid or agreed to pay to any Person any compensation for soliciting another to purchase any other securities of the Company, other than, in the case of clauses (ii) and (iii), compensation paid to the Company’s placement agent in connection with the placement of the Securities.

  • Compliance Control Services (1) Support reporting to regulatory bodies and support financial statement preparation by making the Fund's accounting records available to the Trust, the Securities and Exchange Commission (the “SEC”), and the independent accountants. (2) Maintain accounting records according to the 1940 Act and regulations provided thereunder. (3) Perform its duties hereunder in compliance with all applicable laws and regulations and provide any sub-certifications reasonably requested by the Trust in connection with any certification required of the Trust pursuant to the Xxxxxxxx-Xxxxx Act of 2002 (the “SOX Act”) or any rules or regulations promulgated by the SEC thereunder, provided the same shall not be deemed to change USBFS’s standard of care as set forth herein. (4) Cooperate with the Trust’s independent accountants and take all reasonable action in the performance of its obligations under this Agreement to ensure that the necessary information is made available to such accountants for the expression of their opinion on the Fund’s financial statements without any qualification as to the scope of their examination.

  • AML Compliance The Dealer Manager represents to the Company that it has established and implemented anti-money laundering compliance programs in accordance with applicable law, including applicable FINRA Conduct Rules, Exchange Act Regulations and the USA PATRIOT Act, specifically including, but not limited to, Section 352 of the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001 (the “Money Laundering Abatement Act,” and together with the USA PATRIOT Act, the “AML Rules”) reasonably expected to detect and cause the reporting of suspicious transactions in connection with the offering and sale of the Offered Shares. The Dealer Manager further represents that it is currently in compliance with all AML Rules, specifically including, but not limited to, the Customer Identification Program requirements under Section 326 of the Money Laundering Abatement Act, and the Dealer Manager hereby covenants to remain in compliance with such requirements and shall, upon request by the Company, provide a certification to the Company that, as of the date of such certification (a) its AML Program is consistent with the AML Rules and (b) it is currently in compliance with all AML Rules, specifically including, but not limited to, the Customer Identification Program requirements under Section 326 of the Money Laundering Abatement Act.

  • Additional Compliance If any Proposed Key Holder Transfer is not consummated within forty-five (45) days after receipt of the Proposed Transfer Notice by the Company, the Key Holders proposing the Proposed Key Holder Transfer may not sell any Transfer Stock unless they first comply in full with each provision of this Section 2. The exercise or election not to exercise any right by any Investor hereunder shall not adversely affect its right to participate in any other sales of Transfer Stock subject to this Section 2.2.

  • HIPAA Compliance If this Contract involves services, activities or products subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Contractor covenants that it will appropriately safeguard Protected Health Information (defined in 45 CFR 160.103), and agrees that it is subject to, and shall comply with, the provisions of 45 CFR 164 Subpart E regarding use and disclosure of Protected Health Information.

  • Technical Security Controls a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the COUNTY.

  • DBE/HUB Compliance The Engineer’s subcontracting program shall comply with the requirements of Attachment H of the contract (DBE/HUB Requirements).

  • FERPA Compliance In connection with all FERPA Records that Contractor may create, receive or maintain on behalf of University pursuant to the Underlying Agreement, Contractor is designated as a University Official with a legitimate educational interest in and with respect to such FERPA Records, only to the extent to which Contractor (a) is required to create, receive or maintain FERPA Records to carry out the Underlying Agreement, and (b) understands and agrees to all of the following terms and conditions without reservation:

  • CEQA Compliance The District has complied with all assessment requirements imposed upon it by the California Environmental Quality Act (Public Resource Code Section 21000 et seq. (“CEQA”) in connection with the Project, and no further environmental review of the Project is necessary pursuant to CEQA before the construction of the Project may commence.

  • Security Controls Annually, upon Fund’s reasonable request, DST shall provide Fund’s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST’s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services. DST shall review its Security Policy annually.
