OPERATIONAL SECURITY CONTROLS Sample Clauses

OPERATIONAL SECURITY CONTROLS. 1. The state CS agency shall restrict access to, and disclosure of, the FPLS information to authorized personnel who need the FPLS information to perform their official duties in connection with the authorized purposes specified in the security agreement. The state CS agency requests submitted to the FPLS are made solely to locate a parent for the purpose of establishing parentage, or establishing, setting the amount of, modifying or enforcing child support obligations, or where applicable, to locate a parent in a parental kidnapping case, establish or enforce a child custody or visitation order, and for other purposes specified in federal law and regulations. The information exchanged between state CS agencies shall be used for authorized purposes and protected against unauthorized access to reduce fraudulent activities and protect the privacy rights of individuals against unauthorized disclosure of confidential information. The state CS agency shall restrict access to, and disclosure of, the CS program information to authorized personnel who need the CS program information to perform their official duties in connection with the authorized purposes specified in the security agreement. The information exchanged between state CS agencies and all other state program information must be used for authorized purposes and protected against unauthorized access to reduce fraudulent activities and protect the privacy rights of individuals against unauthorized disclosure of confidential information. 2. The state CS agency shall label printed reports containing FPLS information and CS program information to denote the level of sensitivity of the information and limitations on distribution. The state CS agency shall maintain printed reports in a locked container when not in use and never transport FPLS information and CS program information off state CS agency premises unless required for a purpose approved by the state IV-D director or designee. When no longer needed, in accordance with the retention and disposition requirements in section III of this security agreement, the state CS agency shall destroy printed reports by shredding or burning. Policy/Requirements Traceability: HHS-OCIO Policy for Information Systems Security and Privacy (IS2P) Handbook, NIST SP 800-53 Rev 4, MP-3, MP-4, MP-5, MP-6; and 45 CFR 307.13(a) and (b) 3. The state CS agency shall deliver security and privacy awareness training for authorized personnel. The training shall include information...
Sample 1
AutoNDA by SimpleDocs
OPERATIONAL SECURITY CONTROLS. 1. The state agency must restrict access to, and disclosure of, the FPLS information to authorized personnel who need the FPLS information to perform their official duties in connection with the authorized purposes specified in the security agreement. The state agency’s requests submitted to the FPLS are made solely to locate a parent for the purpose of establishing parentage, or establishing, setting the amount of, modifying or enforcing child support obligations, or where applicable, to locate a parent in a parental kidnapping case, establish or enforce a child custody or visitation order, and for other purposes specified in federal law and regulations. The information exchanged between state agencies must be used for authorized purposes and protected against unauthorized access to reduce fraudulent activities and protect the privacy rights of individuals against unauthorized disclosure of confidential information. §§ 303.3(b)(6), 303.21 and 307.13(a) and (b); NIST SP 800-53 Rev 5, AC-3, AC-6 2. The state agency must restrict access to, and disclosure of, the child support program information to authorized personnel who need the child support program information to perform their official duties in connection with the authorized purposes specified in the security agreement. The information exchanged between state agencies and all other state program information must be used for authorized purposes and protected against unauthorized access to reduce fraudulent activities and protect the privacy rights of individuals against unauthorized disclosure of confidential information. Policy/Requirements Traceability: 45 C.F.R. §§ 95.621(f)(2), 303.21(a)(1), and 307.13(a) and (b); Federal Certification Guide, Chapter III, H-2; NIST SP 800-53 Rev 5, AC-3, AC-6 3. The state agency must label printed reports containing FPLS information and child support program information to denote the level of sensitivity of the information and limitations on distribution. The state agency must maintain printed reports in a locked container when not in use and never transport FPLS information and child support program information off state agency premises unless required for a purpose approved by the state IV-D director or designee. When no longer needed, in accordance with the retention and disposition requirements in section III of this security agreement, the state agency must destroy printed reports by shredding or burning. Policy/Requirements Traceability: HHS IS2P; NIST SP 800...
Sample 1

Related to OPERATIONAL SECURITY CONTROLS

  • Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.

  • Security Controls Annually, upon Fund’s reasonable request, DST shall provide Fund’s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST’s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services . DST shall review its Security Policy annually.

  • Security Controls for State Agency Data In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency’s risk under the Contract based on the sensitivity of System Agency’s data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract.

  • Indenture Controls If and to the extent that any provision of the Notes limits, qualifies or conflicts with a provision of this Indenture, such provision of this Indenture shall control.

  • Organizational Security It is the responsibility of the individuals across the organization to comply with these practices and standards. To facilitate the corporate adherence to these practices and standards, the function of information security provides:

  • Audit Controls a. System Security Review. CONTRACTOR must ensure audit control mechanisms that record and examine system activity are in place. All systems processing and/or storing PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.

  • National Security 28.01 The Canadian government, either directly or through its agencies, may instruct the Employer with respect to the security of information and materials and the personnel permitted to do certain work. The Union recognizes that the Employer is obliged to meet such instructions and that for such reason the Employer may refuse certain Employees access to the work or may transfer Employees covered by such instructions.

  • Quality control system (i) The Contractor shall establish a quality control mechanism to ensure compliance with the provisions of this Agreement (the “Quality Assurance Plan” or “QAP”). (ii) The Contractor shall, within 30 (thirty) days of the Appointed Date, submit to the Authority’s Engineer its Quality Assurance Plan which shall include the following: (a) organisation, duties and responsibilities, procedures, inspections and documentation; (b) quality control mechanism including sampling and testing of Materials, test frequencies, standards, acceptance criteria, testing facilities, reporting, recording and interpretation of test results, approvals, check list for site activities, and proforma for testing and calibration in accordance with the Specifications for Road and Bridge Works issued by MORTH, relevant IRC specifications and Good Industry Practice; and (c) internal quality audit system. The Authority’s Engineer shall convey its approval to the Contractor within a period of 21 (twenty-one) days of receipt of the QAP stating the modifications, if any, required, and the Contractor shall incorporate those in the QAP to the extent required for conforming with the provisions of this Clause 11.2. (iii) The Contractor shall procure all documents, apparatus and instruments, fuel, consumables, water, electricity, labour, Materials, samples, and qualified personnel as are necessary for examining and testing the Project Assets and workmanship in accordance with the Quality Assurance Plan. (iv) The cost of testing of Construction, Materials and workmanship under this Article 11 shall be borne by the Contractor.

  • Compliance Control Services (1) Support reporting to regulatory bodies and support financial statement preparation by making the Fund's accounting records available to the Trust, the Securities and Exchange Commission (the “SEC”), and the independent accountants. (2) Maintain accounting records according to the 1940 Act and regulations provided thereunder. (3) Perform its duties hereunder in compliance with all applicable laws and regulations and provide any sub-certifications reasonably requested by the Trust in connection with any certification required of the Trust pursuant to the Xxxxxxxx-Xxxxx Act of 2002 (the “SOX Act”) or any rules or regulations promulgated by the SEC thereunder, provided the same shall not be deemed to change USBFS’s standard of care as set forth herein. (4) Cooperate with the Trust’s independent accountants and take all reasonable action in the performance of its obligations under this Agreement to ensure that the necessary information is made available to such accountants for the expression of their opinion on the Fund’s financial statements without any qualification as to the scope of their examination.

  • Compliance Monitoring Grantee must be subject to compliance monitoring during the period of performance in which funds are Expended and up to three years following the closeout of all funds. In order to assure that the program can be adequately monitored, the following is required of Grantee: a. Grantee must maintain a financial tracking system provided by Florida Housing that ensures that CRF funds are Expended in accordance with the requirements in this Agreement. b. Grantee must maintain records on all awards to Eligible Persons or Households. These records must include, but are not limited to: i. Proof of income compliance (documentation from submission month, including but not limited to paystub, Florida unemployment statement, social security and/or disability statement, etc.); ii. Lease; and iii. Documentation of rental assistance payments made.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!