Common use of Network Access Control Clause in Contracts

Network Access Control. Access to internal, external, Provider and public network services that allow access to Supplier Information Processing Systems shall be controlled. Supplier will: (a) Ensure that current industry best practice standard authentication mechanisms for network users and equipment are in place and updated as necessary; (b) Ensure electronic perimeter controls are in place to protect Supplier Information Processing Systems from unauthorized access; (c) Ensure a stateful firewall is in place for each Internet connection and between any DMZ and the Intranet. Firewalls shall be configured to deny all traffic except the traffic that is required for business reasons. (d) Ensure authentication methods are used to control access by remote users; (e) Ensure physical and logical access to diagnostic and configuration ports is controlled; and (f) Ensure wireless implementations are only used if required for business reasons, put into practice WPA, WPA2, 802.11i or a superseding standard and must not use WEP.

Network Access Control. Access to internal, external, Provider and public network services that allow access to Supplier Xxxxx.xxx Information Processing Systems shall be controlled. Supplier Xxxxx.xxx will: (a) a. Ensure that current industry best practice standard authentication mechanisms for network users and equipment are in place and updated as necessary; b. Ensure publicly reachable servers are located on a network segment separated from the internal network by a firewall (b) Ensure electronic perimeter controls are in place to protect Supplier Information Processing Systems from unauthorized accesse.g., a DMZ); (c) c. Ensure a stateful firewall is in place for each Internet connection and between any DMZ and the Intranet. Firewalls shall be ; d. Ensure that firewalls are configured to deny all traffic except the traffic that is required for business reasons.; (d) e. Ensure authentication methods are used to control access by remote users; (e) f. Ensure physical and logical access to diagnostic and configuration ports is controlled; and (f) g. Ensure wireless implementations are only used if required for business reasons, put into practice WPA, WPA2, 802.11i or a superseding standard and must not use WEP.