Information Exchange Security. The security of the information being passed on this two-way connection is protected through the use of FIPS 140-2 validated encryption, which protects the data in transit and at rest. The MTW Expansion application is hosted in the Salesforce Government Cloud (Gov Cloud), which has a FedRAMP Moderate Authority to Operate (ATO) and Department of Defense Impact Level 4 Provisional Authorization (PA). These authorizations enable organizations to transmit, process, and store sensitive information such as personally identifiable information (PII). Gov Cloud also provides the following: U.S. Data Centers: Customer Data is processed and stored solely within the continental U.S. U.S. Citizens: Operated and supported by screened U.S. citizens as applicable. Salesforce’s approach to information security governance is structured around the ISO 27001/27002 framework and consistent with the requirements identified in NIST SP 800-53. All users are granted Role Based Access Control (RBAC) and the concept of least privilege is applied to support control and access to data elements within the system. The default user authentication mechanism for the Salesforce Government Cloud requests that a user provide a username and password (credentials) to establish a connection. The Salesforce Government Cloud does not use cookies to store confidential user and session information [AC-2, IA-2]. Trusted Behavior Expectations. HUD's system and users are expected to protect Organization B’s ABC database, and Organization B's system and users are expected to protect HUD's MTW Expansion application, in accordance with the Privacy Act and Trade Secrets Act (18 U.S. Code 1905) and the Unauthorized Access Act (18 U.S. Code 2701 and 2710).
Information Exchange Security. The connection with CBP is via the public Internet, over an AES 256-bit protected VPN tunnel.
Information Exchange Security. Each organization will maintain the boundary protections to include firewalls, IDS/IPS, and any other perimeter protections required for their respective network as dictated by organization security policies. Both organizations will ensure that (where appropriate) virus and spyware detection and eradication capabilities are used and that adequate system access controls (i.e., NIST 800-53) are in place and maintained on all components connected to the systems. DHS CISA and the shall protect the data in order to maintain confidentiality, integrity, and availability of the data and information systems. In order to connect to the DHS TAXII server, any external organization must be white-listed at the TAXII server firewall; therefore, static IP addresses or ranges are to be used by external organizations. Specific protocols and ports that are needed to support this interconnection are provided in Attachment A. Ports and protocols not specifically defined in Attachment A will be approved by DHS firewall change control procedures.
Information Exchange Security. Each organization will maintain the boundary protections to include firewalls, IDS/IPS, and any other perimeter protections required for their respective network as dictated by organization security policies. Both organizations will ensure that (where appropriate) virus and spyware detection and eradication capabilities are used and that adequate system access controls are in place and maintained on all components connected to the systems. In order to connect to the DHS TAXII server, any external organization must be white-listed at the TAXII server firewall; therefore, static IP addresses or ranges are to be used by external organizations.
1 See xxxxx://xxx.xxxxxx.xxx/govcloud-us/ for additional information.
2 Physical and environmental safeguards of DHS-hosted components are fulfilled by AWS and have been independently audited to the Federal Risk and Authorization Management Program (FedRAMP) requirements.
Information Exchange Security. [Enter a description of all system security technical services pertinent to the secure exchange of information/data among and between the systems in question.]
Information Exchange Security. All data transferred between systems will be encrypted over secure web interfaces via the authorized API connection maintained by USAC. The user agent requesting access must be capable of accepting cookies and following all HTTP redirects. Only authenticated requests submitted through an encrypted channel using HTTPS (“SSL/TLS”) will be accepted. The connection authorization mechanism restricts each authenticated API user to only the data related to the companies (i.e., study area codes in NLAD) assigned to them, and restricts them to the specific API operations and resources that are provisioned by USAC. The security of the information being passed on these two-way connections will be protected in accordance with requirements set forth in this ISA. Both parties agree to maintain the connections at each end in a controlled access environment that includes the use of authorized access codes (passwords or public key infrastructure (“PKI”)) to restrict access and to safeguard the data by utilizing encryption for data in transit and at rest.
Information Exchange Security. The information exchanged between VENDOR and CAFS requires that the lender using the vendor solution have a valid CLS account.
Information Exchange Security. The security of the information being passed on this connection {specify; e.
Information Exchange Security. Each organization will maintain the boundary protections to include firewalls, IDS/IPS, and any other perimeter protections required for their respective network as dictated by organization security policies.
Both organizations will ensure that (where appropriate) virus and spyware detection and eradication capabilities are used and that adequate system access controls (i.e., NIST 800-53) are in place and maintained on all components connected to the systems. DHS CISA and the [EXTERNAL] shall protect the data in order to maintain confidentiality, integrity, and availability of the data and information systems. In order to connect to the DHS TAXII server, any external organization must be white-listed at the TAXII server firewall; therefore, static IP addresses or ranges are to be used by external organizations. Specific protocols and ports that are needed to support this interconnection are provided in Attachment A. Ports and protocols not specifically defined in Attachment A will be approved by DHS firewall change control procedures.
1 Physical and environmental safeguards of DHS-hosted components are fulfilled by AWS and have been independently audited to the Federal Risk and Authorization Management Program (FedRAMP) requirements.
Information Exchange Security. All data transferred between systems will be encrypted over secure web interfaces via the authorized API connection maintained by USAC. The user agent requesting access must be capable of accepting cookies and following all HTTP redirects. Only authenticated requests submitted through an encrypted channel using HTTPS (SSL/TLS) will be accepted. The connection authorization mechanism restricts each authenticated API user to only the data related to the companies (i.e., study area codes in NLAD) assigned to them, and restricts them to the specific API operations and resources that are provisioned by USAC. The security of the information being passed on these two-way connections will be protected in accordance with requirements set forth in this ISA. Both parties agree to maintain the connections at each end in a controlled access environment that includes the use of authorized access codes (passwords or public key infrastructure (PKI)) to restrict access and to safeguard the data by utilizing encryption for data in transit and at rest. Trusted Behavior Expectations. USAC’s system and users are expected to protect SERVICE PROVIDER’s system. SERVICE PROVIDER's system and employees (including contractors and subcontractors) with access to the system interconnection are expected to protect USAC’s pre-production and production environment servers for the NV and/or NLAD in accordance with the Federal Information Security Modernization Act (“FISMA”), Privacy Act (5 U.S.C. § 552a), Trade Secrets Act (18 U.S.C. § 1905), Unauthorized Access Act (18 U.S.C. § 2701), and NIST and OMB requirements.
In addition, SERVICE PROVIDER may not take actions that impose an unreasonable or disproportionately large load on the infrastructure of the NV and/or NLAD system connections and USAC reserves the right to limit or stop connection transaction rates in order to safeguard USAC’s systems during peak system transaction volumes or for system maintenance activities.