CYBER SECURITY REQUIREMENTS. The cyber security requirements applicable to this Contract are set out in this Annex. Section A (Cyber Security Requirements) includes the Purchaser’s requirements in connection with cyber security [and Section B (Cyber Implementation Plan) sets out further details on how the Service Provider will meet such requirements]. Guidance notes: The Purchaser should retain the reference to Section B above if: the Cyber Security Procurement Support Tool (CSPST) has been used in connection with this Contract; and the Service Provider and the Purchaser have agreed a Cyber Implementation Plan in conjunction with the SAQ report generated by the CSPST.
CYBER SECURITY REQUIREMENTS. In addition to mandatory cyber security flowdown requirements, the following additional provisions apply.
CYBER SECURITY REQUIREMENTS. The cyber security requirements applicable to the Framework Agreement are set out in this Annex. Section A (Cyber Security Requirements) includes the Authority’s requirements in connection with cyber security [and Section B (Cyber Implementation Plan) sets out further details on how the Contractor will meet such requirements].
CYBER SECURITY REQUIREMENTS. Supplier:
(a) represents and warrants to OPG that: (i) Supplier has a written and enforceable cyber security policy, and has established and maintains a cyber security program that is designed and implemented to prevent, detect and respond to cyber attacks that may impact OPG Systems and Information; and (ii) Supplier’s Personnel (which, for the purposes of these requirements, includes any Supplier personnel having access to OPG Systems and Information) have completed position-appropriate cyber security training;
(b) will immediately revoke all access to OPG Systems and Information for any Supplier’s Personnel who is terminated or no longer needs access to OPG Systems and Information;
(c) will notify OPG by sending an email to xxxx@xxx.xxx within 48 hours after discovering any security breach, incident or vulnerability impacting or otherwise involving OPG Systems and Information (including any Cyber Equipment if Supplier, acting reasonably, believes any such security breach, incident or vulnerability may have impacted or may potentially impact OPG Systems and Information), and furthermore if such security breach, incident or vulnerability relates to any Cyber Asset, Cyber Equipment, or Cyber Services, Supplier will also: (i) include in such written notification of any security breach, incident or vulnerability to OPG a description of the breach, incident or vulnerability, its potential security impact, its root cause, a remediation plan, and recommended mitigating or corrective actions; and (ii) promptly and continuously cooperate and coordinate with OPG to prevent, stop, contain, mitigate, resolve, recover from, respond to, and otherwise deal with any security breach, incident or vulnerability, including by providing OPG with ongoing status reports;
CYBER SECURITY REQUIREMENTS a. The awarded vendor shall, at a minimum, comply with all applicable security- related federal, state, and local laws.
b. In general, the term “data breach” shall mean a compromise of the security, confidentiality, or integrity of, or the loss of, computerized data for the City of Newark that results in, or there is a reasonable basis to conclude results in:
i. The unauthorized acquisition of personally identifiable information (PII), or
ii. Access to PII that is for an unauthorized purpose, or in excess of authorization.
c. The term “data breach” does not include any investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
d. Personally identifiable information (PII) is defined herein as information or data, alone or in combination, that identifies or authenticates a particular individual. Such information or data may include (without limitation): name, date of birth, full address, phone numbers, passwords, PINs, federal or state tax information, biometric data, other unique identification numbers (driver’s license numbers, SSNs, etc.), criminal history, citizenship status, medical information, financial information, usernames, answers to security questions, other personal identifiers, and/or information or data that meets the definition ascribed to the term “personal information” under §6809(4) of the Xxxxx-Xxxxx-Xxxxxx Act or other applicable law of the State of Delaware.
e. In the event of a data breach, the vendor shall:
i. Notify the City of Newark without unreasonable delay. Such notification is to include the nature of the breach, the number of records potentially affected, and the specific data potentially affected.
ii. Take all reasonable and necessary means to mitigate any injury or damage that may arise out of the data breach and shall implement corrective action as determined appropriate by the City. In the event of an emergency, the awarded vendor may take reasonable corrective action to address the emergency prior to City approval (the corrective action will not be considered final until approved by the City, however).
iii. Provide the City a preliminary written report detailing the nature, extent, and root cause of any such data breach no later than three (3) business days following notice of the breach.
iv. Meet and confer with appropriate City representatives regarding required remedial action in...
CYBER SECURITY REQUIREMENTS. The cyber security requirements applicable to the Contract are set out in this Annex. Section A (Cyber Security Requirements) includes the Purchaser’s requirements in connection with cyber security
CYBER SECURITY REQUIREMENTS. Contractor shall ensure all Information Security users are appropriately trained in accordance with SECNAVINST 5239.20, Department of the Navy Cyberspace Information Technology and Cybersecurity Workforce Management and Qualification, 10 February 2016, SECNAVINST 5239.3, Department of the Navy Cybersecurity Policy, 02 May 2016, and DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), 12 March 2014, to fulfill cybersecurity responsibilities before allowing contractors access to systems or networks.
CYBER SECURITY REQUIREMENTS. Seller shall provide Buyer a copy of any reports submitted to the Government in support of this Agreement or any Order pursuant to DFARS 252.204-7012, or other cyber security requirements such as NIST SP 800-171 in advance, to the extent practicable, but no later than immediately following such submission to the Government. Cyber DFARS must be flowed down to all suppliers / subcontractors who store, process and /or generate Covered Defense Information as part of contract performance.
CYBER SECURITY REQUIREMENTS a. IEEE C37.240 - Cyber Security Requirements for Substation Automation, Protection and Control Systems
