Security Architecture and Design Sample Clauses

Security Architecture and Design. (i) a security architecture that reasonably ensures delivery of Security Best Practices; (ii) encryption of the Customer Personal Data in transit and at rest; (iii) regular testing of security systems and security best practices; (iv) a system of effective firewall(s) and intrusion detection technologies necessary to protect Customer Personal Data; and (v) database and application layer design processes that ensure web applications are designed to protect the information data that is Processed through such systems.
Security Architecture and Design. Provider represents and warrants that it has established and during the Term it will at all times maintain: (a) A security architecture that reasonably assures delivery of Security Best Practices; (b) Documented and enforced technology configuration standards; (c) Processes to encrypt Confidential Information in transmission and storage; (d) Processes to ensure regular testing of security systems and processes; (e) A system of effective firewall(s) and intrusion detection technologies necessary to protect Confidential Information; and (f) Database and Application layer design processes that ensure web site Applications are designed to protect the information data that is collected, processed, and transmitted through such systems.
Security Architecture and Design. The Contractor will maintain in-house a certified security specialist that holds one or more of the following certifications: i. Information Assurance Manager (IAM). ii. Information System Security Manager (ISSM) Certification. iii. Certified Federal Information Security Act (FISMA) Auditor. iv. International Information Systems Security Certification Consortium (ISC2) Certified Information System Security Professional (CISSP). v. Information Systems Audit and Contract Association (ISACA) Certified in Risk and Information Systems Control (CRISC). vi. ISACA Certified in the Governance of Enterprise IT (CGEIT). vii. EC Council Certified Ethical Hacker (CEH). viii. Certified EC-Council Instructor (CEI). ix. Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) Practitioner. x. Certified HIPAA Professional (CHP). xi. Certified HIPAA Security Specialist (CHSS). The Contractor will analyze the surface area vulnerability of Contractor’s Systems to ensure all known vectors of attack are considered and hardened well beyond industry best practices. The Contractor will perform a security related review of all functional and technical specifications to ensure vulnerabilities are not introduced to the system using SDLC and ITIL infrastructure change control processes. The Contractor’s System shall not allow access without secure User authentication and resource authorization (specific functionality). All login User names must be unique and be associated with an industry best-practices strong password. Users must change passwords on a configured expiration timeframe and the reuse of passwords will be limited. The Contractor will use VPN appliances to secure all remote connectivity needs within infrastructure. These appliances will provide intrusion detection and prevention, malware protection and packet level scanning real-time while continuing to maintain a very low latency and responsive connection. 
The Contractor’s System shall be deployed on a no single point of failure topology that allows the Contractor to recover from a failure of any element within the infrastructure. Fault tolerance and failovers are accomplished with both redundancy of critical hardware such as routers, switches, firewalls, and server hosts load balanced servers and routing. The Contractor will: i. Provide security-related input into IT infrastructure, system, and application design. ii. Leverage published industry standards and models to apply security best practices. ii...
Security Architecture and Design. Provider has established and, during the term of the Agreement, will maintain: A security architecture designed to support Industry Standard Security Practices. Documented and enforced technology configuration standards. Processes to encrypt Personal Data, including all backup copies of the same, in transmission and in storage, including storage on any portable media when such media is required to perform the Services, using current industry standard methods (AES 256bit or higher). Processes for regular testing of security systems and processes on an annual basis or more frequently as appropriate. A system of effective firewall(s) and intrusion detection technologies to protect Personal Data. Database and application layer design processes that include data protection requirements to protect Personal Data that is collected, processed, and transmitted through such systems. Procedures to backup critical systems that contain Personal Data no less frequently than weekly.
Security Architecture and Design. In connection with its Services hereunder, Security Architecture and Design Domain is applied in the following ways: a. servers are hardened to industry standards and monitored through an enterprise-level security management program; b. multiple infrastructure penetration tests, ethical hacks and scans against Internet-facing applications are performed annually; and c. maintenance and security patches are risk-ranked, tested and applied according to industry-standard timeframes.
Security Architecture and Design. Supplier agrees that it has established and during the Term it will maintain: *
Security Architecture and Design. Supplier represents and warrants that it has established and during the Term and any Termination Assistance Period it will at all times maintain: *
Security Architecture and Design. The Contractor shall produce a design specification and security architecture that:
o The contractor shall implement assurance overlay to achieve such trustworthiness in the information system, information system component, or information system service supporting its critical missions/business functions.
o The contractor shall identify critical information system components and functions by performing a criticality analysis for information systems, information system components, or information system services decision points.
o The contractor shall ensure design specification and security architecture is consistent with and supportive of the NOAA/NESDIS specified and/or mandated organizational tools.
o The contractor shall ensure design specification and security architecture accurately and completely describe the required security functionality, and the allocation of security controls among physical and logical components.
o The contractor shall address RFIMS Plans Of Actions and Milestones (POA&Ms).
o Is consistent with and supportive of the high-impact security architecture to demonstrate consistency with the NESDIS enterprise architecture and information security architecture;
o Accurately and completely describes the required security functionality, and the allocation of security controls among physical and logical components; and
o Expresses how individual security functions, mechanisms, and services work together to provide required high-impact security capabilities and a unified approach to protection.
Number | Document Title | Document Location | Version | Date
AD-1 | NIST SP 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach | xxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf | Final | 02/2010
AD-2 | NIST SP 800-60, Rev. 1, Guide for Mapping Types of Information and Information Systems to Security Categories | xxxx://xxxx.xxxx.xxx/publications/nistpubs/800-60-rev1/SP800-60_Vol1-Rev1.pdf | Final | 08/2008
AD-3 | NOAA IT Security Policies, Regulations and Laws | xxxxx://xxx.xxx.xxxx.xxx/policies/ | Updated | 09/2014
AD-4 | NIST FIPS199, Standards for Security Categorization of Federal Information and Information Systems | xxxx://xxxx.xxxx.xxx/publications/fips/fips199/FIPS-PUB-199-final.pdf | Final | 02/2004
AD-5 | NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations (most recent) | xxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublication...

Related to Security Architecture and Design

  • Trunk Group Architecture and Traffic Routing 5.2.1 The Parties shall jointly establish Access Toll Connecting Trunks between CLEC and CBT by which they will jointly provide Tandem-transported Switched Exchange Access Services to Interexchange Carriers to enable such Interexchange Carriers to originate and terminate traffic from and to CLEC's Customers. 5.2.2 Access Toll Connecting Trunks shall be used solely for the transmission and routing of Exchange Access and non-translated Toll Free traffic (e.g., 800/888) to allow CLEC’s Customers to connect to or be connected to the interexchange trunks of any Interexchange Carrier that is connected to the CBT access Tandem. 5.2.3 The Access Toll Connecting Trunks shall be one-way or two-way trunks, as mutually agreed, connecting an End Office Switch that CLEC utilizes to provide Telephone Exchange Service and Switched Exchange Access Service in the given LATA to an access Tandem Switch CBT utilizes to provide Exchange Access in the LATA.

  • Technology Upgrades Notwithstanding any other provision of this Agreement, Verizon shall have the right to deploy, upgrade, migrate and maintain its network at its discretion. The Parties acknowledge that Verizon, at its election, may deploy fiber throughout its network and that such fiber deployment may inhibit or facilitate PNG’s ability to provide service using certain technologies. Nothing in this Agreement shall limit Verizon's ability to modify its network through the incorporation of new equipment or software or otherwise. PNG shall be solely responsible for the cost and activities associated with accommodating such changes in its own network.

  • Software Maintenance Subrecipient shall apply security patches and upgrades in a timely manner and keep virus software up-to-date on all systems on which State data may be stored or accessed.

  • Information Technology Enterprise Architecture Requirements If this Contract involves information technology-related products or services, the Contractor agrees that all such products or services are compatible with any of the technology standards found at xxxxx://xxx.xx.xxx/iot/2394.htm that are applicable, including the assistive technology standard. The State may terminate this Contract for default if the terms of this paragraph are breached.

  • COMMERCIAL COMPUTER SOFTWARE If performance involves acquisition of existing computer software, the following Company Exhibit is incorporated by reference: CCS Commercial Computer Software License (Company – July 2010).

  • Contractor Licensing, etc. Notwithstanding Section 14.c, District may terminate this Contract immediately by written notice to Contractor upon denial, suspension, revocation, or non-renewal of any license, permit, or certificate that Contractor must hold to provide services under this Contract.

  • Information Systems Acquisition Development and Maintenance a. Client Data – Client Data will only be used by State Street for the purposes specified in this Agreement.

  • Procurement of Small Works Works estimated to cost $250,000 equivalent or less per contract, up to an aggregate amount not to exceed $800,000 equivalent, may be procured under lump-sum, fixed-price contracts awarded on the basis of quotations obtained from three (3) qualified domestic contractors in response to a written invitation. The invitation shall include a detailed description of the works, including basic specifications, the required completion date, a basic form of agreement acceptable to the Bank, and relevant drawings, where applicable. The award shall be made to the contractor who offers the lowest price quotation for the required work, and who has the experience and resources to complete the contract successfully. Part D: Review by the Bank of Procurement Decisions

  • Architecture The Private Improvements shall have architectural features, detailing, and design elements in accordance with the Project Schematic Drawings. All accessory screening walls or fences, if necessary, shall use similar primary material, color, and detailing as on the Private Improvements.

  • Support and Maintenance Services Information about Teradici’s support and maintenance for the Licensed Product may be found at xxxxx://xxxx.xxxxxxxx.xxx.
