Common use of Electronic Security Requirements Clause in Contracts

Electronic Security Requirements. a. The Requestor, by this agreement, certifies it and its authorized end users have an information security program in place that follow current industry design and best practices, including, but not limited to those published by The National Institute of Standards & Technology (NIST), the SANS (SysAdmin, Audit, Network, Security (SANS) Institute), and other recognized bodies to prevent unauthorized electronic access to RMV data or to its database. b. For All Requestors , using any Access Method, Requestor agrees that it and its authorized end users, at a minimum, will do the following: i. Have written procedures in place to ensure the electronic safety, physical security and confidentiality of RMV data in accordance with paragraph 10 of this Agreement; ii. Have written procedures in place that ensure RMV data is accessed only for permitted uses under the DPPA and consistent with paragraph 10 of this Agreement. c. For Requestors Who Select Web Services or SFTP Option under Paragraph 3. Requestor agrees to do the following: i. Assign a unique ID to each end user who will access RMV data. ii. Implement and ensure that any authorized end users implement written password policies and procedures that follow current industry design and best practices such as: 1. those published by The National Institute of Standards & Technology (currently SP800-63b section 5); 2. the SANS (SysAdmin, Audit, Network, Security Institute) Password Construction Guidelines (currently SANS document section 4)and

Electronic Security Requirements. a. The Requestor, by this agreement, certifies it and its authorized end users have an information security program in place that follow current industry design and best practices, including, but not limited to those published by The National Institute of Standards & Technology (NIST), the SANS (SysAdmin, Audit, Network, Security (SANS) Institute), and other recognized bodies to prevent unauthorized electronic access to RMV data or to its database. b. For All Requestors , using any Access Method, Requestor agrees that it and its authorized end users, at a minimum, will do the following: i. Have written procedures in place to ensure the electronic safety, physical security and confidentiality of RMV data in accordance with paragraph 10 of this Agreement; ii. Have written procedures in place that ensure RMV data is accessed only for permitted uses under the DPPA and consistent with paragraph 10 of this Agreement. c. For Requestors Who Select Web Services or SFTP Option under Paragraph 3. Requestor agrees to do the following: i. Assign a unique ID to each end user who will access RMV data. ii. Implement and ensure that any authorized end users implement written password policies and procedures that follow current industry design and best practices such as: 1. those published by The National Institute of Standards & Technology (currently SP800-63b SP800‐63b section 5); 2. the SANS (SysAdmin, Audit, Network, Security Institute) Password Construction Guidelines (currently SANS document section 4)and