Common use of Credential Restrictions Clause in Contracts

Credential Restrictions. Contractor shall restrict the use of, and access to, administrative credentials for accounts and system services accessing City Data, to only those of Contractor’s personnel and subcontractors whose access is essential for the purpose of providing the contracted services or performing obligations under this Agreement. Contractor shall require personnel and subcontractors to log on using an assigned user-name and password when administering City accounts or accessing City Data. These controls must enable Contractor to promptly revoke or change access in response to terminations or changes in job functions, as applicable. Contractor shall encrypt all passwords, passphrases, and PINs, using solutions that are certified against U.S. Federal Information and Processing Standard 140-2, Level 2, or equivalent industry standard, and verify that the encryption keys and keying material are not stored with any associated data. Contractor shall implement any City request to revoke or modify user access within twenty-four hours or the next business day of receipt of City’s request. Contractor shall disable user accounts after at most 10 consecutive invalid authentication attempts.

Credential Restrictions. Contractor shall restrict the use of, and access to, administrative credentials for accounts and system services accessing City Data, to only those of Contractor’s personnel and subcontractors whose access is essential for the purpose of providing the contracted services Contracted Services or performing obligations under this Agreement. Contractor shall require personnel and subcontractors to log on using an assigned user-name and password when administering City accounts or accessing City Data. These controls must enable Contractor to promptly revoke or change access in response to terminations or changes in job functions, as applicable. Contractor shall encrypt all passwords, passphrases, and PINs, using solutions that are certified against U.S. Federal Information and Processing Standard 140-2, Level 2, or equivalent industry standard, and verify that the encryption keys and keying material are not stored with any associated data. Contractor shall implement any City request to revoke or modify user access within twenty-four (24) hours or the next business day of receipt of City’s request. Contractor shall disable user accounts after after, at most 10 most, ten (10) consecutive invalid authentication attempts.

Credential Restrictions. Contractor shall restrict the use of, and access to, administrative credentials for accounts and system services accessing City Data, to only those of Contractor’s personnel and subcontractors whose access is essential for the purpose of providing the contracted services Contracted Services or performing obligations under this Agreement. Contractor shall require personnel and subcontractors to log on using an assigned user-name and password when administering City accounts or accessing City Data. These controls must enable Contractor to promptly revoke or change access in response to terminations or changes in job functions, as applicable. Contractor shall encrypt all passwords, passphrases, and PINs, using solutions that are certified against U.S. Federal Information and Processing Standard 140-2, Level 2, or equivalent industry standard, and verify that the encryption keys and keying material are not stored with any associated data. Contractor shall implement any City request to revoke or modify user access within twenty-four (24) hours or the next business day of receipt of City’s request. Contractor shall disable user accounts after after, at most 10 most, ten (10) consecutive invalid authentication attempts. References to “subcontractor” in the Pledge of Compliance document is limited to subcontractors providing professional services.

Credential Restrictions. Contractor shall restrict the use of, and access to, administrative credentials for accounts and system services accessing City Data, to only those of Contractor’s personnel Personnel and subcontractors Subprocessors whose access is essential for the purpose of providing the contracted services Contracted Services or performing obligations under this Agreement. Contractor shall require personnel Personnel and subcontractors Subprocessors to log on using an assigned user-name and password when administering City accounts or accessing City Data. These controls must enable Contractor to promptly revoke or change access in response to terminations or changes in job functions, as applicable. Contractor shall encrypt all passwords, passphrases, and PINs, using solutions that are certified against U.S. Federal Information and Processing Standard 140-2, Level 2, or equivalent industry standard, and verify that the encryption keys and keying material are not stored with any associated data. Contractor shall will implement any City request to revoke or modify user access within twenty-four hours or the next business day of receipt of City’s request. Contractor shall will disable user accounts after at most 10 consecutive invalid authentication attempts.