SECURITY CLEARANCE REQUIREMENTS The OCO must tailor security requirements (both facility and employee), clauses, provisions, and other applicable terms and conditions specific to each task order’s solicitation and award. Only those Contractors that meet the required security clearance levels on individual task order solicitations are eligible to compete for such task orders. In general, all necessary facility and employee security clearances shall be at the expense of the Contractor. In some cases, Government offices that conduct background investigations do not have a means for accepting direct compensation from Contractors and instead charge customer agencies for the background investigations. In these cases, the Contractor shall be flexible in establishing ways of reimbursing the Government for these expenses. The individual task order should specify the terms and conditions for reimbursement, if any, for obtaining security clearances. The Contractor shall comply with all security requirements in task orders awarded under OASIS SB.
Subsidy Requests and Reporting Requirements 1. The Grantee or Management Company shall complete a CRF Subsidy Request Report - Recap of Tenant Income Certification, which provides a unit-by-unit listing of all units in the Development for whom assistance is being requested and gives detailed information including the occupants’ eligibility, set-aside requirements, amount of household rent paid, utility allowance and amount of CRF Rental Subsidy requested.
2. The CRF Subsidy Request Report - Recap of Tenant Income Certification shall be prepared as of the last day of each calendar month during the period of performance and shall be submitted to XXXXxxxxxxxx@XxxxxxxXxxxxxx.xxx and Florida Housing’s monitoring agent no later than the 15th day of the following month. The December 2020 request will be due on or before December 15th. The Grantee will submit executed Coronavirus Relief Fund Rental Assistance Applications and supporting documentation to Florida Housing’s monitoring agent within 5 days upon the monitoring agent’s request.
Credentialing Requirements Registry Operator, through the facilitation of the CZDA Provider, will request each user to provide it with information sufficient to correctly identify and locate the user. Such user information will include, without limitation, company name, contact name, address, telephone number, facsimile number, email address and IP address.
Compliance with Federal and State Work Authorization and Immigration Laws The Contractor and all subcontractors, suppliers and consultants must comply with all federal and state work authorization and immigration laws, and must certify compliance using the form set forth in Section 7 (“Georgia Security and Immigration Compliance Act Affidavits”). The required certificates must be filed with the Owner and copied maintained by the Contractor as of the beginning date of this contract and each subcontract, supplier contract, or consultant contract, and upon final payment to the subcontractor or consultant. State officials, including officials of the Georgia Department of Audits and Accounts, officials of the Owner, retain the right to inspect and audit the Project Site and employment records of the Contractor, subcontractors and consultants without notice during normal working hours until Final Completion, and as otherwise specified by law and by Rules and Regulations of the Georgia Department of Audits and Accounts.
Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Training Requirements Grantee shall:
A. Authorize and require staff (including volunteers) to attend training, conferences, and meetings as directed by DSHS;
B. Appropriately budget funds in order to meet training requirements in a timely manner, and ensure that staff and volunteers are trained as specified in the training requirements listed at xxxxx://xxx.xxxx.xxxxx.xxx/hivstd/training/ and as otherwise specified by DSHS. Grantee shall document that these training requirements are met; and
C. Ensure that staff hired for HIV and syphilis testing are trained to perform blood draws within three (3) months of employment.
Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse.
B. Grantee shall use the Texas Abuse Hotline Website located at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.
Compliance with Federal and State Laws All work performed by the Contractor, pursuant to this contract, shall be done in accordance with applicable all Federal, State, and local laws, regulations, codes, and ordinances.
Quality Assurance Requirements There are no special Quality Assurance requirements under this Agreement.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to:
(1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute;
(2) Limit unsuccessful logon attempts;
(3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions;
(4) Authorize wireless access prior to allowing such connections;
(5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity;
(6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions;
(7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles;
(8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services;
(9) Enforce a minimum password complexity and change of characters when new passwords are created;
(10) Perform maintenance on organizational systems;
(11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance;
(12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1;
(13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital;
(14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse;
(15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas;
(16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems;
(17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems;
(18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception);
(19) Protect the confidentiality of Student Data at rest;
(20) Identify, report, and correct system flaws in a timely manner;
(21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems;
(22) Monitor system security alerts and advisories and take action in response; and
(23) Update malicious code protection mechanisms when new releases are available.
