Common use of Information and Information Systems to Security Categories Clause in Contracts

Information and Information Systems to Security Categories. (2 Volumes) - Volume 1: Guide Volume 2: Appendices.” Security controls and subsequent assessments are done based on the final categorization. Cloud providers must be approved for at least moderate level information through the GSA FedRAMP process prior to acquiring any services. Census Bureau identifies, assesses and authorizes use based on the published FedRAMP results and an assessment of any Census Bureau (customer provided) controls implemented to protect the infrastructure and data. Security reporting on cloud providers is reported to the Department of Commerce on a regular basis under FISMA. The Census Bureau maintains a policy regarding the reporting of and response to losses of protected data in accordance with OMB Memorandum M-17-12. Known or suspected losses of protected data must be reported within one hour of its discovery to the Bureau of the Census Computer Incident Response Team (BOC CIRT) who will report as required to the United States Computer Emergency Readiness Team (US CERT). " Once the Census Bureau becomes aware of a known breach of [agency name] data, the Census Bureau will contact the identified [agency name] contacts to discuss the actions and potential remedies in regards to the incident. " [The following language must be included in all agreements and MOUs that promise to deliver a statistical product, based on Title 13 data, outside of the Census Bureau.] B: Disclosure Avoidance Review of Statistical Products: DRB Language

Information and Information Systems to Security Categories. (2 Volumes) - Volume 1: Guide Volume 2: Appendices.” Security controls and subsequent assessments are done based on the final categorization. Cloud providers must be approved for at least moderate level information through the GSA FedRAMP process prior to acquiring any services. Census Bureau identifies, assesses and authorizes use based on the published FedRAMP results and an assessment of any Census Bureau (customer provided) controls implemented to protect the infrastructure and data. Security reporting on cloud providers is reported to the Department of Commerce on a regular basis under FISMA. The Census Bureau maintains a policy regarding the reporting of and response to losses of protected data in accordance with OMB Memorandum M-17-12. Known or suspected losses of protected data must be reported within one hour of its discovery to the Bureau of the Census Computer Incident Response Team (BOC CIRT) who will report as required to the United States Computer Emergency Readiness Team (US CERT). " Once the Census Bureau becomes aware of a known breach of [agency name] data, the Census Bureau will contact the identified [agency name] contacts to discuss the actions and potential remedies in regards to the incident. " [The following language must be included in all agreements and MOUs that promise to deliver a statistical product, based on Title 13 data, outside of the Census Bureau.] B: Disclosure Avoidance Review of Statistical Products: ” DRB Language: