Cryptographic controls Sample Clauses

Cryptographic controls i. Contractor has a cryptographic controls policy in place that is documented, has obtained management approval, is reviewed no less frequently than annually and is maintained to ensure its continuing suitability, adequacy and effectiveness.
AutoNDA by SimpleDocs
Cryptographic controls. The Contractor should put in place an appropriate policy on the use of encryption, plus cryptographic authentication and integrity controls such as digital signatures and message authentication codes, and cryptographic key management.
Cryptographic controls. Contractor has a cryptographic controls policy in place that is documented, has obtained management approval, is reviewed no less frequently than annually and is maintained to ensure its continuing suitability, adequacy and effectiveness. Contractor has procedures in place to control the installation of software on operational systems; Contractor selects test data carefully, and the test data is protected and controlled; and Contractor restricts access to program source code. Contractor has implemented procedures to maintain the security of application system software and information; Contractor utilizes formal change control procedures to implement changes; and Contractor supervises and monitors outsourced software development. Contractor documents the technical vulnerabilities, the exposure evaluated, and the appropriate measures taken to address the associated risk.
Cryptographic controls. The Consultant should put in place an appropriate policy on the use of encryption, plus cryptographic authentication and integrity controls such as digital signatures and message authentication codes, and cryptographic key management.
Cryptographic controls. 10.1.1 Policy on the use of cryptographic controls Defined in the Eight Technology Information Security Policy 10.1.2 Key management Defined in the Eight Technology Information Security Policy
Cryptographic controls. Data importer shall follow a documented policy on the use of cryptographic controls. Data importer’s cryptographic controls shall: 1) Be designed to reasonably protect the confidentiality and integrity of personal data being handled by data importer in any shared network environments in accordance with the terms of this Appendix; 2) Be applied to data importer-hosted environment(s) used to transmit personal data across or to “untrusted” networks (i.e., networks that data importer does not legally control), including those environments or networks used for sending data to data exporter’s corporate network from data importer’s network, subject to data exporter’s cooperation in management of encryption keys necessary to decrypt transmissions received by data exporter; and 3) Include documented encryption key management practices to support the security of cryptographic technologies. 4) Include encryption of all personal data on laptops and other portable devices.
Cryptographic controls i. Upon award and not later than six months following execution of the Contract, Contractor will create a cryptographic controls policy in place that is documented, has obtained management approval, is reviewed no less frequently than annually and is maintained to ensure its continuing suitability, adequacy and effectiveness.
AutoNDA by SimpleDocs
Cryptographic controls. Iron Mountain shall follow a documented policy on the use of cryptographic controls. Iron Mountain’s cryptographic controls shall: 6.14.1 Be designed to reasonably protect the confidentiality and integrity of Customer Personal Data being processed, transmitted or stored by Iron Mountain in any shared network environments in accordance with the terms of the Agreement; 6.14.2 Be applied, in Iron Mountain-hosted environment(s) used to provide services, to Customer Personal Data in transit across or to “untrusted” networks (i.e., networks that Iron Mountain does not legally control), including those used for sending data to Customer’s corporate network from Iron Mountain’s network, subject, in each case, to Customer’s cooperation in management of encryption keys necessary to de-encrypt transmissions received by Customer; and 6.14.3 Include documented encryption key management practices to support the security of cryptographic technologies. 6.14.4 Include encryption of all Customer Personal Data on laptops or other portable devices.
Cryptographic controls. ● Cryptographic keys must be in line with industry best practice (minimum 256 bits for symmetric keys and 2048 bits for Asymmetric keys) ● Cryptographic keys must be protected against modification and loss ● Minimum standards must be defined for ciphers, protocols and hashing algorithms ● A recognised library must be used for cryptography algorithms ● Private keys must be transferred securely between components (minimum of AES 256)

Related to Cryptographic controls

  • Security Controls Annually, upon Fund’s reasonable request, DST shall provide Fund’s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST’s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services . DST shall review its Security Policy annually.

  • Access Controls The system providing access to PHI COUNTY discloses to 20 CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY 21 must use role based access controls for all user authentications, enforcing the principle of least privilege.

  • Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.

  • TIA Controls If any provision of this Indenture limits, qualifies, or conflicts with another provision which is required to be included in this Indenture by the TIA, the required provision shall control.

  • Audit Controls a. System Security Review. CONTRACTOR must ensure audit control mechanisms that record and examine system activity are in place. All systems processing and/or storing PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.

  • Plan Controls The terms contained in the Plan are incorporated into and made a part of this Agreement and this Agreement shall be governed by and construed in accordance with the Plan. In the event of any actual or alleged conflict between the provisions of the Plan and the provisions of this Agreement, the provisions of the Plan shall be controlling and determinative.

  • Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.

  • Controls Each party will maintain commercially reasonable administrative, technical, and physical controls designed to protect data in its possession or under its control from unauthorised access, accidental loss and unauthorised modification. You are responsible for implementing administrative, technical, and physical controls that are appropriate for your business.

  • Encryption The Fund acknowledges and agrees that encryption may not be available for every communication through the System, or for all data. The Fund agrees that Custodian may deactivate any encryption features at any time, without notice or liability to the Fund, for the purpose of maintaining, repairing or troubleshooting the System or the Software.

  • Technical Safeguards 1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means. 2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable). 3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically. 4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!