SAFEGUARD STANDARD. Contractor agrees to protect the security of Confidential Information according to all applicable laws and regulations by generally accepted information risk management security control frameworks, standards or guidelines such as the ISO/IEC 27000-series, NIST800-53, CIS Critical Security Controls for Effective Cyber Defense or HIPAA Security Rule – 45 CFR Part 160 and Subparts A and C of Part 164 and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. Contractor will implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of the Confidential Information. Contractor will ensure that all security measures are regularly reviewed including ongoing monitoring, monthly vulnerability testing and annual penetration and security incident response tests, revised, no less than annually, to address evolving threats and vulnerabilities while Contractor has responsibility for the Confidential Information under the terms of this Agreement.
Appears in 10 contracts
Samples: Department Terms and Conditions, Contract, Department Terms and Conditions
SAFEGUARD STANDARD. Contractor agrees to protect the security of Confidential Information according to all applicable laws and regulations by generally accepted information risk management security control frameworks, standards or guidelines such as the ISO/IEC 27000-series, NIST800NIST 800-53, CIS Critical Security Controls for Effective Cyber Defense or HIPAA Security Rule – 45 CFR Part 160 and Subparts A and C of Part 164 and no less rigorously than it protects its own confidential information, but in no case less than reasonable care. Contractor will implement, maintain and use appropriate administrative, technical and physical security measures to preserve the confidentiality, integrity and availability of the Confidential Information. Contractor will ensure that all security Security measures are regularly reviewed including ongoing monitoring, monthly vulnerability testing and annual penetration and security incident response tests, revised, no less than annually, to address evolving threats and vulnerabilities while Contractor has responsibility for the Confidential Information under the terms of this Agreement.
Appears in 3 contracts
Samples: Department Terms and Conditions, Department Terms and Conditions, Department Terms and Conditions