Authorization, Authentication, and Access Sample Clauses

Authorization, Authentication, and Access. In order to ensure that access to the Data is limited to authorized staff, the Contractor must: a. Have documented policies and procedures governing access to systems with the shared Data. b. Restrict access through administrative, physical, and technical controls to authorized staff. c. Ensure that user accounts are unique and that any given user account logon ID and password combination is known only to the one employee to whom that account is assigned. For purposes of non-repudiation, it must always be possible to determine which employee performed a given action on a system housing the Data based solely on the logon ID used to perform the action. d. Ensure that only authorized users are capable of accessing the Data. e. Ensure that an employee’s access to the Data is removed immediately: (1) Upon suspected compromise of the user credentials. (2) When their employment, or the contract under which the Data is made available to them, is terminated. (3) When they no longer need access to the Data to fulfill the requirements of the contract. f. Have a process to periodically review and verify that only authorized users have access to systems containing DSHS Confidential Information. g. When accessing the Data from within the Contractor’s network (the Data stays within the Contractor’s network at all times), enforce password and logon requirements for users within the Contractor’s network, including: (1) A minimum length of 8 characters, and containing at least three of the following character classes: uppercase letters, lowercase letters, numerals, and special characters such as an asterisk, ampersand, or exclamation point. (2) That a password does not contain a user’s name, logon ID, or any form of their full name. (3) That a password does not consist of a single dictionary word. A password may be formed as a passphrase which consists of multiple dictionary words. (4) That passwords are significantly different from the previous four passwords. Passwords that increment by simply adding a number are not considered significantly different. h. When accessing Confidential Information from an external location (the Data will traverse the Internet or otherwise travel outside the Contractor’s network), mitigate risk and enforce password and logon requirements for users by employing measures including: (1) Ensuring mitigations applied to the system don’t allow end-user modification. (2) Not allowing the use of dial-up connections. (3) Using industry standard protoc...
Sample 1Sample 2Sample 3See All (163)
AutoNDA by SimpleDocs
Authorization, Authentication, and Access. In order to ensure that access to the Data is limited to authorized staff, the Contractor must: a. Have documented policies and procedures governing access to systems with the shared Data. b. Restrict access through administrative, physical, and technical controls to authorized staff.
Sample 1Sample 2See All (4)
Authorization, Authentication, and Access. In order to ensure that access to the Data is limited to authorized staff, the Contractor must: a. Comply with IRS Publication 1075 for technology services, when Contractor is in receipt of Tax Returns or Federal Tax Information (FTI). FTI cannot be accessed by agency employees, agents, representatives, or contractors located offshore—outside of the United States territories, embassies or military installations. Further, FTI may not be received, processed, stored, transmitted, or disposed of by information technology (IT) systems located offshore. b. Have documented policies and procedures governing access to systems with the shared Data. c. Restrict access through administrative, physical, and technical controls to authorized staff. d. Ensure that user accounts are unique and that any given user account logon ID and password combination is known only to the one employee to whom that account is assigned. For purposes of non-repudiation, it must always be possible to determine which employee performed a given action on a system housing the Data based solely on the logon ID used to perform the action. e. Ensure that only authorized users are capable of accessing the Data. f. Ensure that an employee’s access to the Data is removed immediately: (1) Upon suspected compromise of the user credentials. (2) When their employment, or the contract under which the Data is made available to them, is terminated. (3) When they no longer need access to the Data to fulfill the requirements of the contract. g. Have a process to periodically review and verify that only authorized users have access to systems containing DSHS Confidential Information. h. When accessing the Data from within the Contractor’s network (the Data stays within the Contractor’s network at all times), enforce password and logon requirements for users within the Contractor’s network, including: (1) A minimum length of 8 characters, and containing at least three of the following character classes: uppercase letters, lowercase letters, numerals, and special characters such as an asterisk, ampersand, or exclamation point. (2) That a password does not contain a user’s name, logon ID, or any form of their full name. Exhibit (3) That a password does not consist of a single dictionary word. A password may be formed as a passphrase which consists of multiple dictionary words. (4) That passwords are significantly different from the previous four passwords. Passwords that increment by simply adding a number are n...
Sample 1
Authorization, Authentication, and Access. In order to ensure that access to the Data is limited to authorized staff, the Contractor must: a. Comply with IRS Publication 1075 for technology services. FTI cannot be accessed by agency employees, agents, representatives, or contractors located offshore—outside of the United States territories, embassies or military installations. Further, FTI may not be received, processed, stored, transmitted, or disposed of by information technology (IT) systems located offshore. b. Have documented policies and procedures governing access to systems with the shared Data.
Sample 1
Authorization, Authentication, and Access. In order to ensure that access to the Data is limited to authorized staff, the Contractor must: a. Have documented policies and procedures governing access to systems with the shared Data. b. Restrict access through administrative, physical, and technical controls to authorized staff. c. Ensure that user accounts are unique and that any given user account logon ID and password combination is known only to the one employee to whom that account is assigned. For purposes of non-repudiation, it must always be possible to determine which employee performed a given action on a system housing the Data based solely on the logon ID used to perform the action. d. Ensure that only authorized users are capable of accessing the Data. e. (1) Upon suspected compromise of the user credentials. (2) When their employment, or the contract under which the Data is made available to them, is terminated. (3) When they no longer need access to the Data to fulfill the requirements of the contract.
Sample 1

Related to Authorization, Authentication, and Access

  • Execution, Authentication and Delivery of Notes The Notes shall be signed in the name and on behalf of the Company by the manual or facsimile signature of any of its Chief Executive Officer, President, Chief Financial Officer, Treasurer, Secretary or any of its Executive or Senior Vice Presidents. At any time and from time to time after the execution and delivery of this Indenture, the Company may deliver Notes executed by the Company to the Trustee for authentication, together with a Company Order for the authentication and delivery of such Notes, and the Trustee in accordance with such Company Order shall authenticate and deliver such Notes, without any further action by the Company hereunder; provided that the Trustee shall be entitled to receive an Officer’s Certificate and an Opinion of Counsel of the Company with respect to the issuance, authentication and delivery of such Notes. Only such Notes as shall bear thereon a certificate of authentication substantially in the form set forth on the Form of Note attached as Exhibit A hereto, executed manually by an authorized signatory of the Trustee (or an authenticating agent appointed by the Trustee as provided by Section 17.10), shall be entitled to the benefits of this Indenture or be valid or obligatory for any purpose. Such certificate by the Trustee (or such an authenticating agent) upon any Note executed by the Company shall be conclusive evidence that the Note so authenticated has been duly authenticated and delivered hereunder and that the Holder is entitled to the benefits of this Indenture. In case any Officer of the Company who shall have signed any of the Notes shall cease to be such Officer before the Notes so signed shall have been authenticated and delivered by the Trustee, or disposed of by the Company, such Notes nevertheless may be authenticated and delivered or disposed of as though the Person who signed such Notes had not ceased to be such Officer of the Company; and any Note may be signed on behalf of the Company by such persons as, at the actual date of the execution of such Note, shall be the Officers of the Company, although at the date of the execution of this Indenture any such Person was not such an Officer.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!