System Security Plan Sample Clauses

System Security Plan. The Contractor shall complete the State’s System Security Plan template within ninety (90) days after execution of the Contract. After approval by the Department, the Plan shall be updated annually and resubmitted to the Department for review. (Link to DHHS template: xxxxx://xxxxx.xx.xxx/ncdit/documents/files/NC%20DIT%20SSP%20Template.201 80112.docx)
AutoNDA by SimpleDocs
System Security Plan. C.8.10.5.1 The contractor shall, upon request, provide to the Government, a system security plan (or extract thereof) and any associated plans of action developed to satisfy the adequate security requirements of DFARS 252.204-7012, and IAW NIST Special Publication (SP) 800- 171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations in effect at the time the solicitation is issued or as authorized by the contracting officer, to describe the contractors unclassified information system(s)/network(s) where covered defense information associated with the execution and performance of this contract is processed, is stored, or transmits. The contractor shall report IAW CDRL A010.
System Security Plan. The Contractor must develop and implement a security plan that provides an overview of the security requirements for the information system. If a security plan does not exist, the Contractor must provide a description of the security controls planned for meeting those requirements. The security plan must be reviewed periodically and revised to address system/organizational changes or problems.
System Security Plan. Servicer shall work with the Department to complete a System Security Plan that is at least in material compliance with the Statewide Information Security Plan: xxxxx://xxx.xxxxxx.xxx/das/OSCIO/Documents/StatewideInformationSecurityPlan.pdf dated August 1, 2018, which may be amended from time to time. A template of a System Security Plan is attached as Appendix D, which shall be used in the development process. The final System Security Plan shall be developed and finalized by Servicer, and approved by the Department, within the first 6-12 months post Agreement execution.
System Security Plan. The Contractor shall develop a Technical Report – Study/Services, POAM and Systems Security Plan (SSP) (CDRL A007) that implements the security requirements of DFARS 252.204-7012. In accordance with DFARS 252.204-7012, the SSP shall implement, at a minimum, all security requirements in NIST 800-171 (Rev. 1) standards 3.1 to 3.14; or ensure that any unimplemented security requirements have been adjudicated by an authorized representative of the DoD CIO to be non-applicable or to have an alternative, but equally effective, security measure in its place. The SSP shall provide proof of such adjudication by DoD CIO. Further, the SSP shall contain a description of the system boundary, the operational environment, how the specific security requirements are currently implemented, and the relationships with or connections to other systems. The POAM shall detail how and when the Contractor will meet all security requirements of SP 800-171 that are not fully implemented except for the requirements noted in the specific bullets below, which must be fully implemented in the SSP. The Contractor shall permit the Government to validate information in the SSP every three years, on an ad hoc basis with no notice to the Contractor, other than to coordinate any necessary security requests, but not more than five business days, or upon replacement or rotation of the Government program manager. The SSP shall:  Fully implement Multi-factor authentication, including authentication and authorization of users in a manner that is auditable  Implement FIPS 140-2 validation encryption at a minimum of Level 1  Employ the principle of least privilege or “need to know”  Require the Contractor to review, in a manner that can be audited, user privileges at least annually  Require monitoring and controlling remote access sessions and includes mechanisms to audit the session and methods

Related to System Security Plan

  • Security Plan The Operator shall develop and execute a security plan that meets the requirements of this Agreement and Article 7. The Operator shall document in the security plan the process used to ensure information systems including hardware, software, applications, and general support systems have effective security safeguards, which have been implemented, planned for, and documented. The Operator shall deliver a copy of the plan to the RIRs after each annual update.

  • System Security (a) If any party hereto is given access to the other party’s computer systems or software (collectively, the “Systems”) in connection with the Services, the party given access (the “Availed Party”) shall comply with all of the other party’s system security policies, procedures and requirements that have been provided to the Availed Party in advance and in writing (collectively, “Security Regulations”), and shall not tamper with, compromise or circumvent any security or audit measures employed by such other party. The Availed Party shall access and use only those Systems of the other party for which it has been granted the right to access and use.

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Service Plan 2.1 The Customer shall use the following applicable Service Plan and services during the Term:

  • Emergency Mode Operation Plan Contractor must establish a documented plan to enable continuation of critical business processes and protection of the security of electronic DHCS PHI or PI in the event of an emergency. Emergency means any circumstance or situation that causes normal computer operations to become unavailable for use in performing the work required under this Agreement for more than 24 hours.

  • System Security Review All systems processing and/or storing DHCS PHI or PI must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews should include vulnerability scanning tools.

  • SEB Plan The parties agree to establish and administer a Supplemental Employment Benefits Plan (the “Plan”) as follows:

  • System Security and Data Safeguards When SAP is given access to Licensee’s systems and data, SAP shall comply with Licensee’s reasonable administrative, technical, and physical safeguards to protect such data and guard against unauthorized access. In connection with such access, Licensee shall be responsible for providing Consultants with user authorizations and passwords to access its systems and revoking such authorizations and terminating such access, as Licensee deems appropriate from time to time. Licensee shall not grant SAP access to Licensee systems or personal information (of Licensee or any third party) unless such access is essential for the performance of Services under the Agreement. The parties agree that no breach of this provision shall be deemed to have occurred in the event of SAP non-conformance with the aforementioned safeguard but where no personal information has been compromised.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.

  • Safety Plan Developer’s safety plan specifically adapted for the Project. Developer's Safety Plan shall comply with all provisions regarding Project safety, including all applicable provisions in these Construction Provisions.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!