Recommended Security Controls for Federal Information Systems Sample Clauses

Recommended Security Controls for Federal Information Systems. The PMA acknowledges that the use of unsecured telecommunications, including the Internet, to transmit individually identifiable, bidder identifiable or deducible information derived from the shared file(s) is prohibited. Further, the PMA agrees that the data must not be physically moved, transmitted, or disclosed in any way from or by the Data Custodians’ site(s) to an entity not listed on the IEA or DRA without written approval from CMS unless such movement, transmission or disclosure is required by a law. For example, CMS expects the PMA to, at minimum: Protect PII and PHI that is furnished by CMS under this Agreement from loss, theft or inadvertent disclosure; Ensure that laptops and other electronic devices/media containing PII or PHI are encrypted and password-protected; and, Send emails containing PII or PHI only if encrypted and being sent to and being received by e-mail addresses of persons authorized to receive such information. CMS reserves the right to conduct onsite inspections to monitor compliance with this Agreement and the corresponding DRA until such time CMS Data is destroyed and/or the CMS DRA is terminated. In signing this agreement and the corresponding DRA, the PMA attests that the requested data will be maintained, used, and disclosed only in a manner that is in accordance with the requirements of this agreement and the corresponding CMS DRA.
Recommended Security Controls for Federal Information Systems. All Members or subcontractors who participate in sharing sensitive data during the course of their participation in Institute activities will be required to certify that they meet the NC State Security & Compliance unit’s information security standards through an annual verification process.
Recommended Security Controls for Federal Information Systems. The PMA acknowledges that the use of unsecured telecommunications, including the Internet, to transmit individually identifiable, bidder identifiable or deducible information derived from the shared file(s) is prohibited. Further, the PMA agrees that the data must not be physically moved, transmitted, or disclosed in any way from or by the Data Custodians’ site(s) to an entity not listed on the IEA or DRA without written approval from CMS unless such movement, transmission or disclosure is required by a law. For example, CMS expects the PMA to, at minimum: Protect PII and PHI that is furnished by CMS under this Agreement from loss, theft or inadvertent disclosure; Ensure that laptops and other electronic devices/media containing PII or PHI are encrypted and password-protected; and, Send emails containing PII or PHI only if encrypted and being sent to and being received by e-mail addresses of persons authorized to receive such information.
Recommended Security Controls for Federal Information Systems. All Members or subcontractors who participate in sharing sensitive data during the course of their participation in Institute activities will be required to certify that they meet the NC State Security & Compliance unit’s information security standards through an annual verification process. The Institute must engage in a multifaceted, risk-based activity involving management and operational personnel to categorize the security of Institute information and information systems, as described by FIPS Publication 199. Subsequent to the security categorization process, the Institute must select an appropriate set of security controls for its information systems that satisfies the minimum security requirements set forth in the Institute’s Information Security Requirements. The selected set of security controls must include one of three, appropriately tailored security control baselines from NIST Special Publication 800-53 that are associated with the designated impact levels of the organizational information systems as determined during the security categorization process. For low-impact information systems, the Institute must, at a minimum, employ appropriately tailored security controls from the low baseline of security controls defined in NIST Special Publication 800-53 and must ensure that the minimum assurance requirements associated with the low baseline are satisfied. For moderate-impact information systems, the Institute must, at a minimum, employ appropriately tailored security controls from the moderate baseline of security controls defined in NIST Special Publication 800-53 and must ensure that the minimum assurance requirements associated with the moderate baseline are satisfied. 
For high-impact information systems, the Institute must, at a minimum, employ appropriately tailored security controls from the high baseline of security controls defined in NIST Special Publication 800-53 and must ensure that the minimum assurance requirements associated with the high baseline are satisfied. The Institute must employ all security controls in the respective security control baselines unless specific exceptions are allowed based on the tailoring guidance provided in NIST Special Publication 800-53.

Related to Recommended Security Controls for Federal Information Systems

  • Security Controls for State Agency Data In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency’s risk under the Contract based on the sensitivity of System Agency’s data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract.

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • Project Monitoring Reporting Evaluation A. The Project Implementing Entity shall monitor and evaluate the progress of its activities under the Project and prepare Project Reports in accordance with the provisions of Section 5.08(b) of the General Conditions and on the basis of indicators agreed with the Bank. Each such report shall cover the period of one

  • OPERATIONAL INFORMATION (i) ISIN Code: [ ]

  • Project Monitoring Reporting and Evaluation The Recipient shall furnish to the Association each Project Report not later than forty-five (45) days after the end of each calendar semester, covering the calendar semester.

  • Security Controls Annually, upon Fund’s reasonable request, Transfer Agent shall provide Fund’s Chief Information Security Officer or his or her designee with a copy of its corporate information security controls that form the basis for Transfer Agent’s Security Policy and an opportunity to discuss Transfer Agent’s information security measures, and a high level summary of any vulnerability testing conducted by Transfer Agent on its information security controls, with a qualified member of Transfer Agent’s information technology management team. Transfer Agent shall review its Security Policy annually.

  • Access to Information Systems Access, if any, to DXC’s Information Systems is granted solely to perform the Services under this Order, and is limited to those specific DXC Information Systems, time periods and personnel as are separately agreed to by DXC and Supplier from time to time. DXC may require Supplier’s employees, subcontractors or agents to sign individual agreements prior to access to DXC’s Information Systems. Use of DXC Information Systems during other time periods or by individuals not authorized by DXC is expressly prohibited. Access is subject to DXC business control and information protection policies, standards and guidelines as may be modified from time to time. Use of any other DXC Information Systems is expressly prohibited. This prohibition applies even when a DXC Information System that Supplier is authorized to access serves as a gateway to other Information Systems outside Supplier’s scope of authorization. Supplier agrees to access Information Systems only from specific locations approved for access by DXC. For access outside of DXC premises, DXC will designate the specific network connections to be used to access Information Systems.

  • Tools and Equipment As established by current practices, the Employer may determine and provide necessary tools, tool allowance, equipment and foul weather gear. The Employer will repair or replace employer-provided tools and equipment if damaged or worn out beyond usefulness in the normal course of business. Employees are accountable for equipment and/or tools assigned to them and will maintain them in a clean and serviceable condition.

  • Safeguards for Personal Information Supplier agrees to develop, implement, maintain, and use administrative, technical, and physical safeguards, as deemed appropriate by DXC, to preserve the security, integrity and confidentiality of, and to prevent intentional or unintentional non-permitted or violating use or disclosure of, and to protect against unauthorized access to or accidental or unlawful destruction, loss, or alteration of, the Personal Information Processed, created for or received from or on behalf of DXC in connection with the Services, functions or transactions to be provided under or contemplated by this Agreement. Such safeguards shall meet all applicable legal standards (including any encryption requirements imposed by law) and shall meet or exceed accepted security standards in the industry, such as ISO 27001/27002. Supplier agrees to document and keep these safeguards current and shall make the documentation available to DXC upon request. Supplier shall ensure that only Supplier’s employees or representatives who may be required to assist Supplier in meeting its obligations under this Agreement shall have access to the Personal Information.

  • Accessibility of Web-Based Information and Applications For State Agency Authorized User Acquisitions: Any web-based information and applications development, or programming delivered pursuant to the contract or procurement, will comply with New York State Enterprise IT Policy NYS-P08-005, Accessibility of Web-Based Information and Applications as follows: Any web-based information and applications development, or programming delivered pursuant to the contract or procurement, will comply with New York State Enterprise IT Policy NYS-P08-005, Accessibility of Web-Based Information and Applications as such policy may be amended, modified or superseded, which requires that state agency web-based information and applications are accessible to persons with disabilities. Web-based information and applications must conform to New York State Enterprise IT Policy NYS-P08-005 as determined by quality assurance testing. Such quality assurance testing will be conducted by the State Agency Authorized User and the results of such testing must be satisfactory to the Authorized User before web-based information and applications will be considered a qualified deliverable under the contract or procurement.
