Electronic Security Requirements.

a. The Requestor, by this agreement, certifies it has an information security program in place that follows current industry design and best practices, including, but not limited to those published by The National Institute of Standards & Technology (NIST), the SANS (SysAdmin, Audit, Network, Security (SANS) Institute), and other recognized bodies to prevent unauthorized electronic access to RMV data or to its database.

b. For All Requestors, using any Access Method, Requestor agrees, at a minimum, to do the following:
   i. Have written procedures in place to insure the electronic safety, physical security and confidentiality of RMV data in accordance with paragraph 10 of this Agreement;
   ii. Have written procedures in place that insure RMV data is accessed only for permitted uses under the DPPA and consistent with paragraph 10 of this Agreement.

c. For Requestors Who Select Web Services or SFTP Option under Paragraph 3. Requestor agrees to do the following:
   i. Assign a unique ID to each end user who will access RMV data.
   ii. Implement written password policies and procedures that follow current industry design and best practices such as:
      1. those published by The National Institute of Standards & Technology (currently SP800-63b section 5);
      2. the SANS (SysAdmin, Audit, Network, Security Institute) Password Construction Guidelines (currently SANS document section 4) and
Appears in 6 contracts
Samples: Agreement for Access to Records and Data, Access Agreement, Access Agreement