CYBER SECURITY REQUIREMENTS. The cyber security requirements applicable to this Contract are set out in this Annex. Section A (Cyber Security Requirements) includes the Purchaser’s requirements in connection with cyber security [and Section B (Cyber Implementation Plan) sets out further details on how the Service Provider will meet such requirements]. Guidance notes: The Purchaser should retain the reference to Section B above if: the Cyber Security Procurement Support Tool (CSPST) has been used in connection with this Contract; and the Service Provider and the Purchaser have agreed a Cyber Implementation Plan in conjunction with the SAQ report generated by the CSPST.
CYBER SECURITY REQUIREMENTS. In addition to mandatory cyber security flowdown requirements, the following additional provisions apply.
CYBER SECURITY REQUIREMENTS. The cyber security requirements applicable to the Framework Agreement are set out in this Annex. Section A (Cyber Security Requirements) includes the Authority’s requirements in connection with cyber security [and Section B (Cyber Implementation Plan) sets out further details on how the Contractor will meet such requirements].
CYBER SECURITY REQUIREMENTS. (a) The Supplier undertakes to:
(i) take precautions in accordance with best industry practice and otherwise use best endeavours to ensure that no Harmful Code subsists in or is introduced into any of its computer systems used to provide the Goods or the Services or ElectraNet’s computer systems; and
(ii) comply with any data or cyber security standards and policies which may from time to time be notified by ElectraNet.
(b) If the Supplier becomes aware that Harmful Code subsists in any of its computer systems used to provide the Goods or Services or ElectraNet’s systems, the Supplier must immediately notify ElectraNet and take all necessary remedial action to contain and eliminate the Harmful Code and prevent any further introduction or propagation of Harmful Code.
(c) The Supplier must promptly comply with all reasonable directions of ElectraNet which relate to cyber security.
(d) ElectraNet may, from time to time, require the Supplier to provide evidence of its compliance with this clause 12.5 at its own cost and the Supplier must cooperate with the undertaking of any reasonable tests relating to cyber security required by ElectraNet in order to confirm the Supplier’s compliance with this clause.
CYBER SECURITY REQUIREMENTS. Contractor shall ensure all Information Security users are appropriately trained in accordance with SECNAVINST 5239.20, Department of the Navy Cyberspace Information Technology and Cybersecurity Workforce Management and Qualification, 10 February 2016, SECNAVINST 5239.3, Department of the Navy Cybersecurity Policy, 02 May 2016, and DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), 12 March 2014, to fulfill cybersecurity responsibilities before allowing contractors access to systems or networks.
CYBER SECURITY REQUIREMENTS. In performing its obligations and exercising its rights under this Agreement, each Party warrants and represents to the other Party that it will maintain adequate administrative, technical, and physical measures, controls, tools, systems, policies and procedures in accordance with good cyber security industry practice and all Applicable Laws.
CYBER SECURITY REQUIREMENTS. Seller shall provide Buyer a copy of any reports submitted to the Government in support of this Agreement or any Order pursuant to DFARS 252.204-7012, or other cyber security requirements such as NIST SP 800-171 in advance, to the extent practicable, but no later than immediately following such submission to the Government. Cyber DFARS must be flowed down to all suppliers / subcontractors who store, process and /or generate Covered Defense Information as part of contract performance.
CYBER SECURITY REQUIREMENTS. Supplier:
(a) represents and warrants to OPG that: (i) Supplier has a written and enforceable cyber security policy, and has established and maintains a cyber security program that is designed and implemented to prevent, detect and respond to cyber attacks that may impact OPG Systems and Information; and (ii) Supplier’s Personnel (which, for the purposes of these requirements, includes any Supplier personnel having access to OPG Systems and Information) have completed position-appropriate cyber security training;
(b) will immediately revoke all access to OPG Systems and Information for any Supplier’s Personnel who is terminated or no longer needs access to OPG Systems and Information;
(c) will notify OPG by sending an email to xxxx@xxx.xxx within 48 hours after discovering any security breach, incident or vulnerability impacting or otherwise involving OPG Systems and Information (including any Cyber Equipment if Supplier, acting reasonably, believes any such security breach, incident or vulnerability may have impacted or may potentially impact OPG Systems and Information), and furthermore if such security breach, incident or vulnerability relates to any Cyber Asset, Cyber Equipment, or Cyber Services, Supplier will also: (i) include in such written notification of any security breach, incident or vulnerability to OPG a description of the breach, incident or vulnerability, its potential security impact, its root cause, a remediation plan, and recommended mitigating or corrective actions; and (ii) promptly and continuously cooperate and coordinate with OPG to prevent, stop, contain, mitigate, resolve, recover from, respond to, and otherwise deal with any security breach, incident or vulnerability, including by providing OPG with ongoing status reports;
CYBER SECURITY REQUIREMENTS. The Supplier undertakes to:
(i) take precautions in accordance with best industry practice and otherwise use best endeavours to ensure that no Harmful Code subsists in or is introduced into any of its computer systems used to provide the Goods or the Services or ElectraNet’s computer systems; and
(ii) comply with any data or cyber security standards and policies which may from time to time be notified by ElectraNet. If the Supplier becomes aware that Harmful Code subsists in any of its computer systems used to provide the Goods or Services or ElectraNet’s systems, the Supplier must immediately notify ElectraNet and take all necessary remedial action to contain and eliminate the Harmful Code and prevent any further introduction or propagation of Harmful Code. The Supplier must promptly comply with all reasonable directions of ElectraNet which relate to cyber security. ElectraNet may, from time to time, require the Supplier to provide evidence of its compliance with this clause 12.5 at its own cost and the Supplier must cooperate with the undertaking of any reasonable tests relating to cyber security required by ElectraNet in order to confirm the Supplier’s compliance with this clause.
