Security Requirements For Federal Sample Clauses

Open Split View

Download

Share

Cite

Security Requirements For Federal. Information Technology Resources, HHSAR 352.239-72, (January 2010)

Sample 1Sample 2Sample 3See All (13)

Save

Copy

Related to Security Requirements For Federal

• Eligibility Requirements for Owner Trustee The Owner Trustee shall at all times be a corporation satisfying the provisions of Section 3807(a) of the Statutory Trust Statute; authorized to exercise corporate trust powers; having a combined capital and surplus of at least $50,000,000 and subject to supervision or examination by federal or state authorities; and having (or having a parent that has) a rating of at least Baa3 by Moody's or is otherwise acceptable to the Rating Agencies. If such corporation shall publish reports of condition at least annually pursuant to law or to the requirements of the aforesaid supervising or examining authority, then for the purpose of this Section, the combined capital and surplus of such corporation shall be deemed to be its combined capital and surplus as set forth in its most recent report of condition so published. In case at any time the Owner Trustee shall cease to be eligible in accordance with the provisions of this Section 9.01, the Owner Trustee shall resign immediately in the manner and with the effect specified in Section 9.02.

• Security Requirements 7.1 The Authority will review the Contractor’s Security Plan when submitted by the Contractor in accordance with the Schedule (Security Requirements and Plan) and at least annually thereafter.

• Eligibility Requirements for Trustees The Trustee hereunder shall at all times be (i) an institution insured by the FDIC, (ii) a Corporation organized and doing business under the laws of the United States of America or of any state, authorized under such laws to exercise corporate trust powers, having a combined capital and surplus of not less than $50,000,000 and subject to supervision or examination by federal or state authority and (iii) acceptable to the Rating Agencies. If such Corporation publishes reports of condition at least annually, pursuant to law or to the requirements of any aforementioned supervising or examining authority, then for the purposes of this Section 8.06, the combined capital and surplus of such Corporation shall be deemed to be its combined capital and surplus as set forth in its most recent report of condition so published. The Delaware Trustee hereunder shall at all times have its principal place of business in the State of Delaware and shall satisfy the applicable requirements under the laws of the State of Delaware authorizing it to act as the Delaware trustee of the Trust. In case at any time the Trustee or the Delaware Trustee shall cease to be eligible in accordance with the provisions of this Section 8.06, such trustee shall resign immediately in the manner and with the effect specified in Section 8.07.

• Eligibility Requirements for Trustee The Trustee hereunder shall at all times be a corporation or a national banking association having its principal office in a state and city acceptable to the Company and organized and doing business under the laws of such state or the United States of America, authorized under such laws to exercise corporate trust powers, having a combined capital and surplus of at least $50,000,000 and subject to supervision or examination by federal or state authority. If such corporation or national banking association publishes reports of condition at least annually, pursuant to law or to the requirements of the aforesaid supervising or examining authority, then for the purposes of this Section the combined capital and surplus of such corporation shall be deemed to be its combined capital and surplus as set forth in its most recent report of condition so published. In case at any time the Trustee shall cease to be eligible in accordance with the provisions of this Section, the Trustee shall resign immediately in the manner and with the effect specified in Section 8.07.

• Eligibility Requirements for the Trustee The Trustee hereunder shall at all times be a corporation or association organized and doing business under the laws of a state or the United States of America, authorized under such laws to exercise corporate trust powers, having a combined capital and surplus of at least $50,000,000, subject to supervision or examination by federal or state authority and with a credit rating which would not cause either of the Rating Agencies to reduce their respective then current ratings of the Certificates (or having provided such security from time to time as is sufficient to avoid such reduction) as evidenced in writing by each Rating Agency. If such corporation or association publishes reports of condition at least annually, pursuant to law or to the requirements of the aforesaid supervising or examining authority, then for the purposes of this Section 8.06 the combined capital and surplus of such corporation or association shall be deemed to be its combined capital and surplus as set forth in its most recent report of condition so published. In case at any time the Trustee shall cease to be eligible in accordance with this Section 8.06, the Trustee shall resign immediately in the manner and with the effect specified in Section 8.07. The entity serving as Trustee may have normal banking and trust relationships with the Depositor and its affiliates or the Master Servicer and its affiliates; provided, however, that such entity cannot be an affiliate of the Seller, the Depositor or the Master Servicer other than the Trustee in its role as successor to the Master Servicer.

• Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).

• Eligibility Requirements for Securities Administrator The Securities Administrator hereunder shall at all times be a corporation or association organized and doing business under the laws the United States of America or any state thereof, authorized under such laws to exercise corporate trust powers, having a combined capital and surplus of at least $50,000,000, subject to supervision or examination by federal or state authority and with a credit rating of at least investment grade. If such corporation or association publishes reports of condition at least annually, pursuant to law or to the requirements of the aforesaid supervising or examining authority, then for the purposes of this Section 10.06 the combined capital and surplus of such corporation or association shall be deemed to be its combined capital and surplus as set forth in its most recent report of condition so published. In case at any time the Securities Administrator shall cease to be eligible in accordance with the provisions of this Section 10.06, the Securities Administrator shall resign immediately in the manner and with the effect specified in Section 10.07 hereof. The entity serving as Securities Administrator may have normal banking and trust relationships with the Depositor and its affiliates or the Trustee and its affiliates. Any successor Securities Administrator (i) may not be an originator, the Servicer, the Depositor or an affiliate of the Depositor unless the Securities Administrator functions are operated through an institutional trust department of the Securities Administrator, (ii) must be authorized to exercise corporate trust powers under the laws of its jurisdiction of organization, and (iii) must be rated at least "A/F1" by Fitch, if Fitch is a Rating Agency and rates such successor, or the equivalent rating by S&P or Moody's. If no successor Securities Administrator shall have been appoixxxx xxd shall have accepted appointment within 60 days after the Securities Administrator ceases to be the Securities Administrator pursuant to Section 10.07, then the Trustee may (but shall not be obligated to) become the successor Securities Administrator. The Depositor shall appoint a successor to the Securities Administrator in accordance with Section 10.07. The Trustee shall notify the Rating Agencies of any change of Securities Administrator.

• Eligibility Requirements for the Owner Trustee The Owner Trustee shall at all times be a bank (i) authorized to exercise corporate trust powers, (ii) having a combined capital and surplus of at least $50,000,000 and (iii) subject to supervision or examination by Federal or state authorities. If such bank shall publish reports of condition at least annually, pursuant to law or to the requirements of the aforesaid supervising or examining authority, then for the purpose of this Section, the combined capital and surplus of such corporation shall be deemed to be its combined capital and surplus as set forth in its most recent report of condition so published. The Owner Trustee shall at all times be an institution satisfying the provisions of Section 3807(a) of the Statutory Trust Statute. In case at any time the Owner Trustee shall cease to be eligible in accordance with the provisions of this Section, the Owner Trustee shall resign immediately in the manner and with the effect specified in Section 10.2.

• City Requirements Design, construction, materials, sizing, other specifications, permitting, inspections, testing, documentation and furnishing of as-built drawings, and acceptance of completed infrastructure shall be in accordance with City Requirements. Design and construction shall be by professionals licensed in the state of North Carolina to do the relevant work. City approval of the design of the Improvements shall be required prior to construction, as set forth in City Requirements. If Developer is connecting to the County sewer system, the City may require Developer to furnish the contract providing for such connection.

• New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.