Information Exchange Security. The security of the information being passed on this two-way connection is protected through the use of FIPS 140-2 validated encryption, which protects the data in-transit and at rest. The MTW Expansion application is hosted in the Salesforce Government Cloud (Gov Cloud), which has a FedRAMP Moderate Authority to Operate (ATO) and Department of Defense Impact Level 4 Provisional Authorization (PA). These authorizations enable organizations to transmit, process, and store sensitive information such as personally identifiable information (PII). Gov Cloud also provides the following: U.S. Data Centers: Customer Data is processed and stored solely within the continental U.S U.S. Citizens: Operated and supported by screened U.S. citizens as applicable. Salesforce’s approach to information security governance is structured around the ISO 27001/27002 framework and consistent with the requirements identified in NIST SP 800-53. All users are granted Role Based Access Control (RBAC) and the concept of least privilege is applied to support control and access to data elements within the system. The default user authentication mechanism for the Salesforce Government Cloud requests that a user provide a username and password (credentials) to establish a connection. The Salesforce Government Cloud does not use cookies to store confidential user and session information [AC-2, IA-2]. Trusted Behavior Expectations. HUD's system and users are expected to protect Organization B’s ABC database, and Organization B's system and users are expected to protect HUD's MTW Expansion application, in accordance with the Privacy Act and Trade Secrets Act (18 U.S. Code 1905) and the Unauthorized Access Act (18 U.S. Code 2701 and 2710).
Information Exchange Security. Each organization will maintain the boundary protections to include firewalls, IDS/IPS, and any other perimeter protections required for their respective network as dictated by organization security policies. Both organizations will ensure that (where appropriate) virus and spyware detection and eradication capabilities are used and that adequate system access controls (i.e., NIST 800-53) are in place and maintained on all components connected to the systems. DHS CISA and the shall protect the data in order to maintain confidentiality, integrity, and availability of the data and information systems. In order to connect to the DHS TAXII server, any external organization must be white-listed at the TAXII server firewall; therefore, static IP addresses or ranges are to be used by external organizations. Specific protocols and ports that are needed to support this interconnection are provided in Attachment A: Ports and protocols not specifically defined in Attachment A will be approved by DHS firewall change control procedures.
Information Exchange Security. Each organization will maintain the boundary protections to include firewalls, IDS/IPS, and any other perimeter protections required for their respective network as dictated by organization security policies. 1 See xxxxx://xxx.xxxxxx.xxx/govcloud-us/ for additional information. 2 Physical and environmental safeguards of DHS-hosted components are fulfilled by AWS and have been independently audited to the Federal Risk and Authorization Management Program (FedRAMP) requirements. Both organizations will ensure that (where appropriate) virus and spyware detection and eradication capabilities are used and that adequate system access controls are in place and maintained on all components connected to the systems. In order to connect to the DHS TAXII server, any external organization must be white-listed at the TAXII server firewall; therefore, static IP addresses or ranges are to be used by external organizations.
Information Exchange Security. The connection with CBP is via the public Internet, over a AES 256 bit protected VPN tunnel.
Information Exchange Security. All data transferred between systems will be encrypted over secure web interfaces via the authorized API connection maintained by USAC. The user agent requesting access must be capable of accepting cookies and following all HTTP redirects. Only authenticated requests through an encrypted channel which will be submitted using the HTTPS (“SSL/TLS”), will be accepted. The connection authorization mechanism restricts each authenticated API user to only the data related to the companies (i.e. study area codes in NLAD) assigned to them as well as restricting them to specific API operations and resources that are provisioned by USAC. The security of the information being passed on these two-way connections will be protected in accordance with requirements set forth in this ISA. Both parties agree to maintain the connections at each end in a controlled access environment that includes the use of authorized access codes (passwords or public key infrastructure (“PKI”)) to restrict access and to safeguard the data by utilizing encryption for data in transit and at rest.
Information Exchange Security. The security of VA sensitive information (see Appendix B for definition of sensitive information) being transmitted, processed or stored over any system and interconnection in support of this agreement must be FIPS 140-2 (or successor) compliant. The FIPS 140-2 compliance is not required if no VA sensitive data is transmitted. [Will VA sensitive information as defined in Appendix B be transmitted? Yes or No] If the answer is Yes, the paragraph below and the certificate number needs to be filled in. The FIPS 140-2 certificate number of [Organization 2]'s gateway cryptographic module for establishing the Virtual Private Network (VPN) tunnel is FIPS# [enter current valid certificate number#]. FIPS compliance will be validated by [VA Organization 1]. The connections at each end must be located within controlled access facilities using physical access control devices and/or guards. Individual users will not have access to the data except through the system security software inherent to the operating system. Access is controlled by authentication methods to validate the approved users.
Information Exchange Security. The FTPS protocol is used to protect the credential and information exchange between the COSMIC-PGD and INPE-COSMIC-PGD systems. INPE uses a group account with a reusable password, created by UCAR/COSMIC, which allows INPE to automate the file transfer process. The account is used for the purpose of delivering VC files to the COSMIC-PGD, and in turn receiving TLE and Pass Schedule files. This account does not have the ability to elevate privilege. UCAR/COSMIC maintains the account on the COSMIC-PGD system and determines the appropriate password strength and change policy. Both the COSMIC-PGD and INPE-COSMIC-PGD systems are located within controlled access facilities, with alarms and 24x7 monitoring. UCAR/COSMIC users access the COSMIC-PGD system over the UCAR Virtual Private Network (VPN) with multifactor authentication token. INPE-COSMIC-PGD users access the system through their "login" and "password" used for accessing all of INPE´s internal systems. Differentiated authentication rules are not applied. Individual COSMIC-PGD staff have no direct access to the INPE-COSMIC-PGD system. Individual INPE-COSMIC-PGD staff have no direct access to the COSMIC-PGD system.
Information Exchange Security. The information exchanged between VENDOR and CAFS requires the lender using the vendor solution has a valid CLS account.
Information Exchange Security. The security of the information being passed on this connection {specify; e.g. one-way} is protected through the use of {method/protocol}, {encryption methodology,} which is a FIPS 140-2, or later, approved encryption mechanism. {Encryption methodology} using the FIPS 140-2, or later, {actual mode of operation} mode of operation is provided through the {give the FIPS compliant (validated) package ; if you are using a package that is not validated but uses a FIPS compliant encryption module, state so giving the package name}. The connections at each end are located within controlled access facilities, guarded 24 hours a day. Individual users will not have access to the data except through their systems security software inherent to the operating system. Once the data has been stored on the {ETS System} all access is controlled by authentication methods to validate the approved users. Detailed security controls are specified within the {ETS Contractor} and {Agency} systems and provided in the individual system security plans. {Give document references here.} {Give what is being exchanged somewhere in this paragraph}
Information Exchange Security. [Enter a description of all system security technical services pertinent to the secure exchange of information/data among and between the systems in question.]
