Host Security. Provider will have three security components in place for Internet facing servers: (i) “hardened” operating system (OS) builds; (ii) on-host security monitors; and (iii) a secure audit log repository. Provider’s data center will comply with the requirements for SSAE 16 and SOC 2 as set forth in Section 1.5 (Security) of the Agreement.
Host Security. First Community Bank web server does not connect directly to the Internet. It is buffered from the Internet through the use of a firewall. All access from outside the bank must go through this firewall, which screens the requests and allows only valid https traffic to reach the server. First Community Bank Internet Banking makes use of an ICSA-certified firewall.
Host Security a. The ASP must disclose how and to what extent the hosts or servers (Unix, Windows, etc.) comprising its application infrastructure have been hardened against potential threats and attack vectors. The ASP shall provide any hardening documentation it has for the Department or authorizing External Entity’s application infrastructure as well.
b. The ASP must provide a methodology and plan for ensuring systems are patched or updated according to industry best practices and guidelines. Patches include, but are not limited to, host OS, web server, database, and any other system or application.
c. The ASP must disclose its processes for monitoring the confidentiality, integrity and availability of those hosts.
d. The ASP must provide to the Department information on its password policy for the application infrastructure, including minimum password length, password generation guidelines, and how often passwords are changed.
e. The ASP must provide information on account creation, maintenance, and termination processes, for service, system, and user accounts. This should include information as to how an account is created, how account information is communicated to the user, and how accounts are terminated when no longer needed.
Host Security. (a) Company has tools implemented to detect and remediate software viruses and other malware on all systems used to access, process, or host BMC applications or BMC Data.
(b) Company implements host intrusion detection/prevention services covering all infrastructures on which BMC Data and applications are stored.
(c) Company performs vulnerability assessments and operating system hardening for all platforms used to process, store, or host BMC Data.
(d) Company has implemented a security patch and vulnerability management process to make sure operating systems and applications remain at current levels. Company attests that application and operating system security patches are applied within 30 days of such patches being made available from the relevant Company.
(e) Company follows a practice of annual third-party penetration testing and application security scans of hosts and applications relating to BMC services.
(f) Company has implemented logging solution for all infrastructure and applications hosting BMC Data.
(g) Company maintains an inventory of all assets and related parties used in providing service to BMC.
Host Security. 1. The ASP must disclose how and to what extent the hosts (Unix, NT, etc.) comprising the University of Louisiana at Lafayette application infrastructure have been hardened against attack. If the ASP has hardening documentation for the CAI, provide that as well.
2. The ASP must provide a listing of current patches on hosts, including host OS patches, web servers, databases, and any other material application.
3. Information on how and when security patches will be applied must be provided. How does the ASP keep up on security vulnerabilities, and what is the policy for applying security patches?
4. The ASP must disclose their processes for monitoring the integrity and availability of those hosts.
5. The ASP must provide information on their password policy for the University of Louisiana at Lafayette application infrastructure, including minimum password length, password generation guidelines, and how often passwords are changed.
6. University of Louisiana at Lafayette cannot provide internal usernames/passwords for account generation, as the company is not comfortable with internal passwords being in the hands of third parties. With that restriction, how will the ASP authenticate users? (e.g., LDAP, Netegrity, Client certificates.)
7. The ASP must provide information on the account generation, maintenance and termination process, for both maintenance as well as user accounts. Include information as to how an account is created, how account information is transmitted back to the user, and how accounts are terminated when no longer needed.
Host Security. Family Bank web server does not connect directly to the Internet. It is buffered from the Internet through the use of a firewall. All access from outside the bank must go through this firewall, which screens the requests and allows only valid https traffic to reach the server.
Host Security. Hardening Users are validated by a hardened server in the DMZ zone using SSL encryption. After validation, only communication through one port is allowed from the DMZ to the server farm. The servers are protected by a pair of fully managed Cisco PIX 515E firewalls with redundant failover configuration. Only services required by the MegaMation application are active. Patches The Microsoft notification network is monitored daily by MegaMation staff. Critical patches are applied as released and standard Microsoft patches are applied monthly. DirectLine patches are applied as required by MegaMation. Host Monitoring MegaMation servers are monitored to ensure availability and performance. MegaMation maintains and follows strict processes for firewall management, as well as for ongoing monitoring of security activity at the firewall. Firewall provisioning, change management, alerting, monitoring, backups, support and reporting activities follow well- defined processes based on industry best practices. MegaMation has established thresholds for suspicious activity on this firewall, which will generate a security alert to the MegaMation managed security services team on a 7/24 basis. The MegaMation managed security services team will follow an incident management process to evaluate the risk of this security alert and take appropriate actions.
Host Security. In general, host security is left up to the business partner that "owns" the host. As necessary, the Healtheon ProviderLink network will provide information to the host system to satisfy the security requirements. In the case of COSMOS, Healtheon ProviderLink site IDs are associated with Unisys user IDs. Also associated with each Unisys user ID are transaction codes (tran xxxes) and UHC provider IDs. When transactions are performed to COSMOS, the site ID is converted to a Unisys user ID; then the user ID and tran xxxe are checked to ensure access is allowed. For provider sensitive transactions (referrals, claim status, etc.), the provider association is also verified.
Host Security. Note: The focus shall be on the intended purposes of each layer and will describe the components to be deployed and documented in the Campaign Finance Installation and Configuration guide.
Host Security. Note: The focus shall be on the intended purposes of each layer and will describe the components to be deployed and documented in the SCORE II Installation and Configuration guide
