Safeguarding requirements and procedures for unclassified controlled technical information Sample Clauses

Safeguarding requirements and procedures for unclassified controlled technical information. The Contractor shall provide adequate security to safeguard unclassified controlled technical information from compromise. To provide adequate security, the Contractor shall— (1) Implement information systems security in its project, enterprise, or company-wide unclassified information technology system(s) that may have unclassified controlled technical information resident on or transiting through them. The information systems security program shall implement, at a minimum— (i) The specified National Institute of Standards and Technology (NIST) Special Publication (SP) 800- 53 security controls identified in the following table; or (ii) If a NIST control is not implemented, the Contractor shall submit to the Contracting Officer a written explanation of how— (A) The required security control identified in the following table is not applicable; or (B) An alternative control or protective measure is used to achieve equivalent protection. (2) Apply other information systems security requirements when the Contractor reasonably determines that information systems security measures, in addition to those identified in paragraph (b)(1) of this clause, may be required to provide adequate security in a dynamic environment based on an assessed risk or vulnerability. Minimum required security controls for unclassified controlled technical information requiring safeguarding in accordance with paragraph (d) of this clause. (A description of the security controls is in the NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations” (xxxx://xxxx.xxxx.xxx/publications/PubsSPs.html).) Access Control Audit & Accountability Identification and Authentication Media Protection System & Comm Protection AC-4 AU-6(1) IA-5(1) SC-7 AC-6 AU-7 Physical and Environmental Protection SC-8(1) AC-17(2) IR-4 PE-5 SC-15 AC-18(1) Configuration Management IR-5 SC-28 AC-19 CM-2 IR-6 Program Management AC-20(1) CM-6 PM-10 System & Information Integrity Awareness & Training Contingency Planning MA-6 AC: Access Control MA: Maintenance AT: Awareness and Training MP: Media Protection AU: Auditing and Accountability PE: Physical & Environmental Protection CM: Configuration Management PM: Program Management CP: Contingency Planning RA: Risk Assessment IA: Identification and Authentication SC: System & Communications Protection IR: Incident Response SI: System & Information Integrity
Sample 1Sample 2Sample 3See All (6)
AutoNDA by SimpleDocs
Safeguarding requirements and procedures for unclassified controlled technical information. The Contractor shall provide adequate security to safeguard unclassified controlled technical information from compromise. To provide adequate security, the Contractor shall— (1) Implement information systems security in its project, enterprise, or company-wide unclassified information technology system(s) that may have unclassified controlled technical information resident on or transiting through them. The information systems security program shall implement, at a minimum— (i) The specified National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security controls identified in the following table; or (ii) If a NIST control is not implemented, the Contractor shall submit to the Contracting Officer a written explanation of how— (A) The required security control identified in the following table is not applicable; or (B) An alternative control or protective measure is used to achieve equivalent protection. (2) Apply other information systems security requirements when the Contractor reasonably determines that information systems security measures, in addition to those identified in paragraph (b)(1) of this clause, may be required to provide adequate security in a dynamic environment based on an assessed risk or vulnerability. Table 1 -- Minimum Security Controls for Safeguarding Minimum required security controls for unclassified controlled technical information requiring safeguarding in accordance with paragraph (d) of this clause. (A description of the security controls is in the NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations” (xxxx://xxxx.xxxx.xxx/publications/PubsSPs.html ).)
Sample 1

Related to Safeguarding requirements and procedures for unclassified controlled technical information

  • Safeguarding requirements and procedures (1) The Contractor shall apply the following basic safeguarding requirements and procedures to protect covered contractor information systems. Requirements and procedures for basic safeguarding of covered contractor information systems shall include, at a minimum, the following security controls: (i) Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). (ii) Limit information system access to the types of transactions and functions that authorized users are permitted to execute. (iii) Verify and control/limit connections to and use of external information systems. (iv) Control information posted or processed on publicly accessible information systems. (v) Identify information system users, processes acting on behalf of users, or devices. (vi) Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems. (vii) Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse. (viii) Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals. (ix) Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices. (x) Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems. (xi) Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks. (xii) Identify, report, and correct information and information system flaws in a timely manner. (xiii) Provide protection from malicious code at appropriate locations within organizational information systems. (xiv) Update malicious code protection mechanisms when new releases are available. (xv) Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

  • Compliance with Safeguarding Customer Information Requirements The Servicer has implemented and will maintain security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information published in final form on February 1, 2001, 66 Fed. Reg. 8616, and the rules promulgated thereunder, as amended from time to time (the “Guidelines”). The Servicer shall promptly provide the Seller information regarding the implementation of such security measures upon the reasonable request of the Seller.

  • Performance of Services in Accordance with Regulatory Requirements; Furnishing of Books and Records In performing the services set forth in this Agreement, the Manager: A. shall conform with the 1940 Act and all rules and regulations thereunder, with all other applicable federal, state and foreign laws and regulations, with any applicable procedures adopted by the Trust’s Board of Trustees, and with the provisions of the Trust’s Registration Statement filed on Form N-1A as supplemented or amended from time to time; B. will make available to the Trust, promptly upon request, any of the Fund’s books and records as are maintained under this Agreement, and will furnish to regulatory authorities having the requisite authority any such books and records and any information or reports in connection with the Manager’s services under this Agreement that may be requested in order to ascertain whether the operations of the Trust are being conducted in a manner consistent with applicable laws and regulations.

  • Compliance Policies and Procedures To assist the Fund in complying with Rule 38a-1 of the 1940 Act, BBH&Co. represents that it has adopted written policies and procedures reasonably designed to prevent violation of the federal securities laws in fulfilling its obligations under the Agreement and that it has in place a compliance program to monitor its compliance with those policies and procedures. BBH&Co will upon request provide the Fund with information about our compliance program as mutually agreed.

  • Human and Financial Resources to Implement Safeguards Requirements The Borrower shall make available necessary budgetary and human resources to fully implement the EMP and the RP.

  • Definition of Customer Information Any Customer Information will remain the sole and exclusive property of the Trust. “Customer Information” shall mean all non-public, personally identifiable information as defined by Xxxxx-Xxxxx-Xxxxxx Act of 1999, as amended, and its implementing regulations (e.g., SEC Regulation S-P and Federal Reserve Board Regulation P) (collectively, the “GLB Act”).

  • Safeguarding Customer Information The Servicer has implemented and will maintain security measures designed to meet the objectives of the Interagency Guidelines Establishing Standards for Safeguarding Customer Information published in final form on February 1, 2001, 66 Fed. Reg. 8616 and the rules promulgated thereunder, as amended from time to time (the “Guidelines”). The Servicer shall promptly provide the Master Servicer, the Trustee and the NIMS Insurer information reasonably available to it regarding such security measures upon the reasonable request of the Master Servicer, the Trustee and the NIMS Insurer which information shall include, but not be limited to, any Statement on Auditing Standards (SAS) No. 70 report covering the Servicer’s operations, and any other audit reports, summaries of test results or equivalent measures taken by the Servicer with respect to its security measures to the extent reasonably necessary in order for the Seller to satisfy its obligations under the Guidelines.

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • Safeguards for Personal Information Supplier agrees to develop, implement, maintain, and use administrative, technical, and physical safeguards, as deemed appropriate by DXC, to preserve the security, integrity and confidentiality of, and to prevent intentional or unintentional non-permitted or violating use or disclosure of, and to protect against unauthorized access to or accidental or unlawful destruction, loss, or alteration of, the Personal Information Processed, created for or received from or on behalf of DXC in connection with the Services, functions or transactions to be provided under or contemplated by this Agreement. Such safeguards shall meet all applicable legal standards (including any encryption requirements imposed by law) and shall meet or exceed accepted security standards in the industry, such as ISO 27001/27002. Supplier agrees to document and keep these safeguards current and shall make the documentation available to DXC upon request. Supplier shall ensure that only Supplier’s employees or representatives who may be required to assist Supplier in meeting its obligations under this Agreement shall have access to the Personal Information.

  • EDD Independent Subrecipient Reporting Requirements Effective January 1, 2001, the County of Orange is required to file in accordance with subdivision (a) of Section 6041A of the Internal Revenue Code for services received from a “service provider” to whom the County pays $600 or more or with whom the County enters into a contract for $600 or more within a single calendar year. The purpose of this reporting requirement is to increase child support collection by helping to locate parents who are delinquent in their child support obligations. The term “service provider” is defined in California Unemployment Insurance Code Section 1088.8, Subparagraph B.2 as “an individual who is not an employee of the service recipient for California purposes and who received compensation or executes a contract for services performed for that service recipient within or without the State.” The term is further defined by the California Employment Development Department to refer specifically to independent Subrecipients. An independent Subrecipient is defined as “an individual who is not an employee of the ... government entity for California purposes and who receives compensation or executes a contract for services performed for that ... government entity either in or outside of California.” The reporting requirement does not apply to corporations, general partnerships, limited liability partnerships, and limited liability companies. Additional information on this reporting requirement can be found at the California Employment Development Department web site located at xxxx://xxx.xxx.xx.xxx/Employer_Services.htm

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!