Supplier will. a. Establish and maintain baseline configurations and inventories of information systems throughout the respective system development life cycles. b. Establish and enforce security configuration settings for information technology products employed in information systems. c. Identify, document and approve any deviations from established configuration settings. d. Review the information system(s) annually, at minimum, to identify unnecessary and/or insecure functions, ports, protocols, and services. e. Disable unnecessary and/or insecure functions, ports, protocols, and services. f. Develop and document an inventory of information system components, including “open source” code incorporated in, or used to derive, any deliverable provided to Verizon, which will be provided to Verizon upon request. g. Establish policies governing the installation of software by users, enforce software installation restrictions, and monitor policy compliance.
Appears in 4 contracts
Samples: Transfer and Servicing Agreement (Verizon Master Trust), Transfer and Servicing Agreement (Verizon Master Trust), Transfer and Servicing Agreement (Verizon Master Trust)