NIST Cybersecurity Framework The U.S. Department of Commerce National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Version 1.1.
Procurement of Goods and Services (a) If the HSP is subject to the procurement provisions of the BPSAA, the HSP will abide by all directives and guidelines issued by the Management Board of Cabinet that are applicable to the HSP pursuant to the BPSAA. (b) If the HSP is not subject to the procurement provisions of the BPSAA, the HSP will have a procurement policy in place that requires the acquisition of supplies, equipment or services valued at over $25,000 through a competitive process that ensures the best value for funds expended. If the HSP acquires supplies, equipment or services with the Funding it will do so through a process that is consistent with this policy.
Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.
Security Management The Contractor shall comply with the requirements of the DOD 5200.1-M and the DD Form 254. Security of the Contractor’s electronic media shall be in accordance with the above documents. Effective Program Security shall require the Contractor to address Information Security and Operations Security enabled by the Security Classification Guides. The Contractor’s facility must be able to handle and store material up to the Classification Level as referenced in Attachment J-01, DD Form 254.
Procurement of Goods Part A: General Goods shall be procured in accordance with the provisions of Section I of the "Guidelines for Procurement under IBRD Loans and XXX Credits" published by the Bank in January 1995 and revised in January 1996 (the Guidelines) and the following provisions of this Section, as applicable. Part B: International Competitive Bidding
Technical Safeguards
1. USAC and DSS will process the data matched and any data created by the match under the immediate supervision and control of authorized personnel to protect the confidentiality of the data, so unauthorized persons cannot retrieve any data by computer, remote terminal, or other means.
2. USAC and DSS will strictly limit authorization to these electronic data areas necessary for the authorized user to perform their official duties. All data in transit will be encrypted using algorithms that meet the requirements of the Federal Information Processing Standard (FIPS) Publication 140-2 or 140-3 (when applicable).
3. Authorized system users will be identified by User ID and password, and individually tracked to safeguard against the unauthorized access and use of the system. System logs of all user actions will be saved, tracked and monitored periodically.
4. USAC will transmit data to DSS via encrypted secure file delivery system. For each request, a response will be sent back to USAC to indicate success or failure of transmission.
Safety and Security Procedures Contractor shall maintain and enforce, at the Contractor Work Locations, industry-standard safety and physical security policies and procedures. While at each Court Work Location, Contractor shall comply with the safety and security policies and procedures in effect at such Court Work Location.
Administration and Risk Management Employees of Federated Advisory Services Company provide support to portfolio managers and other employees of affiliated advisers. Such services may include development of risk management programs, production of portfolio and compliance reports for clients and/or fund Boards, coordination of client portfolios and related fixed income trade execution implementation and administration, completion of required broker and custody documentation, development and documentation of operational procedures, coordination of proxy voting activities, on-site support of hardware and software, etc.
Risk Management Except as required by applicable law or regulation, (i) implement or adopt any material change in its interest rate and other risk management policies, procedures or practices; (ii) fail to follow its existing policies or practices with respect to managing its exposure to interest rate and other risk; or (iii) fail to use commercially reasonable means to avoid any material increase in its aggregate exposure to interest rate risk.
Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.