Common use of Cryptographic controls Clause in Contracts

Cryptographic controls. Contractor has a cryptographic controls policy in place that is documented, has obtained management approval, is reviewed no less frequently than annually and is maintained to ensure its continuing suitability, adequacy and effectiveness. Contractor has procedures in place to control the installation of software on operational systems; Contractor selects test data carefully, and the test data is protected and controlled; and Contractor restricts access to program source code. Contractor has implemented procedures to maintain the security of application system software and information; Contractor utilizes formal change control procedures to implement changes; and Contractor supervises and monitors outsourced software development. Contractor documents the technical vulnerabilities, the exposure evaluated, and the appropriate measures taken to address the associated risk.

Cryptographic controls. Contractor has a cryptographic controls policy in place that is documented, has obtained management approval, is reviewed no less frequently than at least annually and is maintained to ensure its continuing suitability, adequacy adequacy, and effectiveness. Contractor has procedures in place to control the installation of software on operational systems; Contractor selects test data carefully, and the test data is protected and controlled; and Contractor restricts access to program source code. Contractor has implemented procedures to maintain the security of application system software and information; Contractor utilizes formal change control procedures to implement changes; and Contractor supervises and monitors outsourced software development. Contractor documents the technical vulnerabilities, the exposure evaluated, and the appropriate measures taken to address the associated risk.