Assessment and Authorization Sample Clauses

Assessment and Authorization. (A&A). A valid authority to operate (ATO) certifies that the Contractor's information system meets the contract's requirements to protect the agency data. If the system under this contract does not have a valid ATO, the Contractor (and/or any subcontractor) must work with the agency and supply the deliverables required to complete the ATO within the specified timeline(s) Within 10 business days of contract award. The ATO is ongoing and will remain in effect for a period of four (4) years of the period of performance of the contract]. The Contractor must conduct the A&A requirements in accordance with HHS IS2P, NIST SP 800-37, Guide for Applying the Risk Management Framework to Information Systems: A Security Life Cycle Approach (latest revision), NIST SP 800-53B, Control Baselines for Information Systems and Organizations, and the NIST SP 800-53A (latest revision). HHS/OS/OASH acceptance of the ATO does not alleviate the Contractor's responsibility to ensure the system security and privacy controls are implemented and operating effectively.
Sample 1
AutoNDA by SimpleDocs
Assessment and Authorization. The Contractor shall obtain commercial and/or organization specific certifications/authorizations for new or modified systems, applications, designs, equipment or installations IAW applicable organization standards specified by individual Task Orders. Specific activities include, but are not limited to security certifications, or comprehensive assessments of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly.
Sample 1
Assessment and Authorization. (A&A) Activities The implementation of a new Federal Government IT system requires a formal approval process known as Assessment and Authorization (A&A). NIST Special Publication 800-37, (hereafter described as NIST 800- 37) and DOI IT Security Procedural Guide 06-30, “Managing Enterprise Risk”, give guidelines for performing the A&A process. The Contractor system/application must have a valid A&A(signed off by the Federal government) before going into operation and processing DOI information. The failure to obtain and maintain a valid A&A will be grounds for termination of the contract. The system must have a new A&A conducted (and signed off on by the Federal government) and maintained on a continuous basis or at the discretion of the Authorizing Official when there is a significant change to the system’s security posture. All NIST 800-53 controls must be tested/assessed on a continuous basis as deemed appropriate by the Authorizing Official.
Sample 1

Related to Assessment and Authorization

  • Appointment and Authority Each of the Lenders and the L/C Issuer hereby irrevocably appoints Bank of America to act on its behalf as the Administrative Agent hereunder and under the other Loan Documents and authorizes the Administrative Agent to take such actions on its behalf and to exercise such powers as are delegated to the Administrative Agent by the terms hereof or thereof, together with such actions and powers as are reasonably incidental thereto. The provisions of this Article are solely for the benefit of the Administrative Agent, the Lenders and the L/C Issuer, and neither the Borrower nor any other Loan Party shall have rights as a third party beneficiary of any of such provisions. It is understood and agreed that the use of the term “agent” herein or in any other Loan Documents (or any other similar term) with reference to the Administrative Agent is not intended to connote any fiduciary or other implied (or express) obligations arising under agency doctrine of any applicable Law. Instead such term is used as a matter of market custom, and is intended to create or reflect only an administrative relationship between contracting parties.

  • Power and Authority The Servicer has the corporate power and authority to execute and deliver this Agreement and to carry out its terms; and the execution, delivery and performance of this Agreement have been duly authorized by the Servicer by all necessary corporate action.

  • Organization and Authority The Subscriber is a Delaware limited liability company, validly existing and in good standing under the laws of Delaware and possesses all requisite power and authority necessary to carry out the transactions contemplated by this Agreement. Upon execution and delivery by you, this Agreement is a legal, valid and binding agreement of Subscriber, enforceable against Subscriber in accordance with its terms, except as such enforceability may be limited by applicable bankruptcy, insolvency, fraudulent conveyance or similar laws affecting the enforcement of creditors’ rights generally and subject to general principles of equity (regardless of whether enforcement is sought in a proceeding at law or in equity).

  • PURPOSE AND AUTHORITY The parties to this agreement are the Department of Homeland Security (DHS) and the (Employer). The purpose of this agreement is to set forth terms and conditions which the Employer will follow while participating in E-Verify.

Time is Money Join Law Insider Premium to draft better contracts faster.