Common use of Security Architecture Clause in Contracts

Security Architecture. (a) Promptly address any security and privacy events as notified at xxxx://xxx.xxxxxx.xxx/security/security-bulletins/, except those categorized as “Informational”. (b) Monitor and evaluate software running in its AWS Enterprise Accounts for known and new vulnerabilities and take the steps necessary to address such vulnerabilities. (c) Configure AWS CloudTrail where available for all Services and implement appropriate retention, monitoring, and incident response processes using AWS CloudTrail logs. (d) Enable and configure Service-specific logging features where available for all Services and implement appropriate monitoring and incident response processes. For example, without limitation, where appropriate, Customer will enable access request logging features in Amazon Elastic Load Balancing, access request logging features in Amazon S3, database logging in Amazon Relational Database Service, and other logging features available in the Services. (e) Apply appropriate resource-based policies limiting access only to authorized parties to all Services where available.

Security Architecture. (a) Promptly address any security and privacy events as notified at xxxx://xxx.xxxxxx.xxx/security/security-bulletins/, except those categorized as “Informational”. (b) Monitor and evaluate software running in its AWS Enterprise Accounts for known and new vulnerabilities and take the steps necessary to address such vulnerabilities. (c) Configure AWS CloudTrail where available for all Services and implement appropriate retention, monitoring, and incident response processes using AWS CloudTrail logs. (d) Enable and configure Service-specific logging features where available for all Services and implement appropriate monitoring and incident response processes. For example, without limitation, where appropriate, Customer will enable access request logging features in Amazon Elastic Load Balancing, access request logging features in Amazon S3, database logging in Amazon Relational Database Service, and other logging features available in the Services. (e) Apply appropriate resource-based policies limiting access only to authorized parties to all Services where available.