Common use of System Security Clause in Contracts

System Security. Contractor shall ensure systems used in delivery of services under this Contract are adequately secure. For purposes of this Contract, adequate security is defined to require compliance with federal and State of Montana security requirements and to ensure freedom from those conditions that may impair the State's use of its data and information technology or permit unauthorized access to the State's data or information technology. The State of Montana has established control standards and policies that align with the NIST Cybersecurity Framework. The latest revision of NIST SP 800-53 is used for control adherence evaluation established after developing a security categorization utilizing FIPS PUB 199. Thus, Contractor shall provide reasonable proof, through independent audit reports, that the system specified under this Agreement meets or exceeds federal and State of Montana security requirements to ensure adequate security and privacy, confidentiality, integrity, and availability of the State's data and information technology. Annual assurance statements shall be delivered to the Contract Liaison. Annual assurance statements must contain a detailed accounting of the security controls provided and must be in the form of a NIST Security Assessment Report or FedRAMP Security Assessment Report.

System Security. Contractor shall will ensure systems used in delivery of services delivered under this Contract are adequately secure. For purposes of this Contract, adequate security is defined to require compliance with federal and State of Montana security requirements and to ensure freedom from those conditions that may impair the State's ’s use of its data and information technology or permit unauthorized access to the State's ’s data or information technology. The State of Montana has established control standards and policies that align with the NIST Cybersecurity Framework. The latest revision of NIST SP 800-53 is used for control adherence evaluation established after developing a security categorization utilizing FIPS PUB 199. Thus, Contractor shall will provide reasonable proof, through independent audit reports, that the system specified under this Agreement Contract meets or exceeds federal and State of Montana security requirements to ensure adequate security and privacy, confidentiality, integrity, and availability of the State's ’s data and information technology. Annual assurance statements shall will be delivered to the Contract Liaison. Annual assurance statements must contain a detailed accounting of the security controls provided and must be in the form of a NIST Security Assessment Report or FedRAMP Security Assessment Report.

System Security. Contractor shall ensure systems used in during delivery of services under this Contract are adequately secure. For purposes of this Contract, adequate security is defined to require compliance with federal and State of Montana security requirements and to ensure freedom from those conditions that may impair the StateDepartment's use of its data and information technology or permit unauthorized access to the StateDepartment's data or information technology. The State of Montana has established control standards and policies that align with the NIST Cybersecurity Framework. The latest revision of NIST SP 800-800- 53 is used for control adherence evaluation established after developing a security categorization utilizing FIPS PUB 199. Thus, Contractor shall provide reasonable proof, through independent audit reports, that the system specified under this Agreement meets or exceeds federal and State of Montana security requirements to ensure adequate security and privacy, confidentiality, integrity, and availability of the State's data and information technology. Annual assurance statements shall be delivered to the Contract Liaison. Annual assurance statements must contain a detailed accounting of the security controls provided and must be in the form of a NIST Security Assessment Report or FedRAMP Security Assessment Report.