Security Management The Contractor shall comply with the requirements of the DOD 5200.1-M and the DD Form 254. Security of the Contractor’s electronic media shall be in accordance with the above documents. Effective Program Security shall require the Contractor to address Information Security and Operations Security enabled by the Security Classification Guides. The Contractor’s facility must be able to handle and store material up to the Classification Level as referenced in Attachment J-01, DD Form 254.
Security Safeguards (1) Each party acknowledges that it is solely responsible for determining and communicating to the other the appropriate technological, physical, and organizational security measures required to protect Personal Data.
Security System The site and the Work area may be protected by limited access security systems. An initial access code number will be issued to the Contractor by the County. Thereafter, all costs for changing the access code due to changes in personnel or required substitution of contracts shall be paid by the Contractor and may be deducted from payments due or to become due to the Contractor. Furthermore, any alarms originating from the Contractor’s operations shall also be paid by the Contractor and may be deducted from payments due or to become due to the Contractor.
Configuration Management The Contractor shall maintain a configuration management program, which shall provide for the administrative and functional systems necessary for configuration identification, control, status accounting and reporting, to ensure configuration identity with the UCEU and associated cables produced by the Contractor. The Contractor shall maintain a Contractor approved Configuration Management Plan that complies with ANSI/EIA-649 2011. Notwithstanding ANSI/EIA-649 2011, the Contractor’s configuration management program shall comply with the VLS Configuration Management Plans, TL130-AD-PLN-010-VLS, and shall comply with the following:
Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.
Access Management The Engineer shall coordinate and evaluate access management within the project limits in accordance with the latest State Access Management Manual or as directed by the State.
Security Services CONTRACTOR shall provide security services designed for preventing escapes, maintaining order, providing care, custody, control, supervision and management of the inmate population. A successful security program depends heavily on staff training, effective administration, and the establishment of inmate programs. The organization, staffing, and administration of the security program are vital to the Facility. The direction provided by a well-organized and clearly articulated operations manual, and emergency planning provides a solid base for successful administration. The final operations manual shall be submitted to the Bureau prior to the Service Commencement Date and shall be reviewed annually and updated as needed. Documentation of the review shall be provided annually to the On- Site Contract Monitor. Changes to the plan require written permission by the Contract Manager. The Department reserves the right to require changes to plans submitted to the Bureau.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Security Systems The Service may not be compatible with security systems. You may be required to maintain a telephone connection through your local exchange carrier in order to use any alarm monitoring functions for any security system installed in your home or business. You are responsible for contacting the alarm monitoring company to test the compatibility of any alarm monitoring or security system with the Service.
Infrastructure Vulnerability Scanning Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.
