Systems Security Requirements Sample Clauses

Systems Security Requirements. 5.1 Overview
Sample 1Sample 2Sample 3See All (11)
AutoNDA by SimpleDocs
Systems Security Requirements. 5.1 Overview  SSA must certify that the EIEP has implemented controls that meet the requirements and work as intended, before we will authorize initiating transactions to and from SSA through batch data exchange processes or online processes such as State Online Query (SOLQ) or Internet SOLQ (SOLQ-I). The Technical Systems Security Requirements (TSSRs) address management, operational, and technical aspects of security safeguards to ensure only the authorized disclosure and use of SSA-provided information by SSA’s EIEPs. SSA recommends that the EIEP develop and publish a comprehensive Systems Security Policy document that specifically addresses:  the classification of information processed and stored within the network,  administrative controls to protect the information stored and processed within the network,  access to the various systems and subsystems within the network,  Security Awareness Training,  Employee Sanctions Policy,  Incident Response Policy, and  the disposal of protected information and sensitive documents derived from the system or subsystems on the network. SSA’s systems security requirements represent the current state-of-the-practice security controls, safeguards, and countermeasures required for Federal information systems by Federal regulations, statutes, standards, and guidelines. Additionally, SSA’s systems security requirements also include organizationally defined interpretations, policies, and procedures mandated by the authority of the Commissioner of Social Security in areas when or where other cited authorities may be silent or non-specific.
Sample 1Sample 2Sample 3
Systems Security Requirements. 1. MVA must safeguard information provided under this Agreement by complying with the Systems Security Requirements (SSR) described in the Electronic Information Exchange Security Requirements,
Sample 1
Systems Security Requirements. 4.8.1.1. The Contractor shall assist the Government in establishing and maintaining a comprehensive security program for all acquisition and sustainment programs throughout the system life cycle. 4.8.1.2. The Contractor shall perform Trusted System Network (TSN) and Criticality Analysis (testing, evaluation and analysis of vulnerability assessments for Critical Program Information [CPI] and Critical Components [CCs] [e. g. Software, Hardware, Firmware, supply chain, etc.]), using different methods and techniques as required. 4.8.1.3. The Contractor shall identify and analyze programs’ CPI and CCs (Criticality Analysis). 4.8.1.4. The Contractor shall request, review, and analyze programs’ vulnerability assessments. 4.8.1.5. The Contractor shall request, review, and analyze programs’ threat assessments. 4.8.1.6. The Contractor shall conduct risk, trade-off, and cost-benefit analyses. 4.8.1.7. The Contractor shall develop and integrate system security protection and countermeasures. 4.8.1.8. The Contractor shall develop, review, and manage Security Classification Guides (SCGs). (CDRL A165) 4.8.1.9. The Contractor shall integrate, consolidate, incorporate, and streamline strategies to minimize or contain risks. 4.8.1.10. The Contractor shall manage and distribute assigned SCGs, including rewriting, editing, etc. (CDRL A165) 4.8.1.11. The Contractor shall ensure Systems Security requirements are accounted for in the Supply Chain Risk Management (SCRM) process. 4.8.1.12. The Contractor shall perform damage assessments involving associated security incidents. 4.8.1.13. The Contractor shall assist in the development and review of security related documentation, such as: • PPPs • Anti-Tamper Plans • Memorandum of Agreements • TSN Plans • Counterfeit Prevention Plans • Cybersecurity Strategies • Product Assurance and Material Control Process (authenticity verification techniques, storage, marking, handling, shipping etc.) • SCGs • Program Protection Implementation Plans (PPIPs) • Solicitations • CDRLs • Requests for Proposal (RFPs) • Statements of Work (SOWs)/PWSs • Program Protection Surveys (PPSs) • TEMPEST • Test and Evaluation (T&E) documents (e.g. T&E Master Plan (TEMP), Developmental T&E (DT&E), Operational T&E (XX&X), modeling and simulations testing, Live Fire T&E (LFT&E), family of testing interoperability, integration test, etc.). • Protection requirements contained in System Security Concepts (SSCs), Initial Capabilities Documents, Capabilities Developmen...
Sample 1
Systems Security Requirements. 1. AAMVA will safeguard the data provided under this Agreement by complying with all administrative, technical, and physical security requirements of SSA’s Systems Security Requirements (SSR) as set forth in
Sample 1
Systems Security Requirements. If Information is delivered to the Recipient in softcopy form or is stored electronically in the Recipient's Information processing system(s), the Recipient will also implement the following requirements for such Information: a. each multiple-user information processing system will have password-controlled access. Each user will have a unique user ID and associated password. Datasets will be protected and passwords will be controlled by IBM Resource Access Control Facility (RACF) or a security program providing equivalent protection. Otherwise, each dataset containing Information will be password protected and, if practical, each password will be unique. Local Area Network environments will have controls similar to the requirements set forth above. Access to Information on standalone workstations will be controlled. When such systems are not in use, Information will be secured. b. each password will be randomly selected, non- obvious and non-trivial. Log on passwords will be changed at least every 60 days. Dataset passwords will be changed at least every six months; c. dial-up facilities will be protected by a secure call-back system or other secure method; d. if required by the Discloser, Information will be encrypted when it is electronically transmitted outside the Recipient's facilities or when public communications facilities are used; e. sharing of passwords and disclosure of passwords and encryption keys will be limited to authorized persons; f. displaying and printing of passwords will be either inhibited or masked; and g. before any physical storage media containing Information is released for reuse, it will be degaussed or completely overwritten. IBM INTERNATIONAL LICENSE AGREEMENT FOR EARLY RELEASE OF PROGRAMS AND MATERIALS PART 1 - GENERAL TERMS ________________________________________________________________________________ PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE PROGRAM OR MATERIAL. IBM WILL ONLY LICENSE THE PROGRAM OR MATERIAL TO YOU IF YOU FIRST ACCEPT THE TERMS OF THIS AGREEMENT. REGARDLESS OF HOW YOU ACQUIRE THE PROGRAM OR MATERIAL (ELECTRONICALLY, PRELOADED, ON MEDIA OR OTHERWISE), BY USING THE PROGRAM OR MATERIAL YOU AGREE TO THESE TERMS.
Sample 1
Systems Security Requirements 
Sample 1Sample 2
AutoNDA by SimpleDocs

Related to Systems Security Requirements

  • Security Requirements 7.1 The Authority will review the Contractor’s Security Plan when submitted by the Contractor in accordance with the Schedule (Security Requirements and Plan) and at least annually thereafter.

  • Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).

  • Facility Requirements 1. Maintain wheelchair accessibility to program activities according to governing law, including the Americans With Disabilities Act (ADA), as applicable. 2. Provide service site(s) that will promote attainment of Contractor’s program objectives. Arrange the physical environment to support those activities. 3. Decrease program costs when possible by procuring items at no cost from County surplus stores and by accepting delivery of such items by County.

  • Accessibility Requirements Under Tex. Gov’t Code Chapter 2054, Subchapter M, and implementing rules of the Texas Department of Information Resources, the System Agency must procure Products and services that comply with the Accessibility Standards when those Products are available in the commercial marketplace or when those Products are developed in response to a procurement solicitation. Accordingly, Grantee must provide electronic and information resources and associated Product documentation and technical support that comply with the Accessibility Standards.

  • New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.

  • City Requirements Design, construction, materials, sizing, other specifications, permitting, inspections, testing, documentation and furnishing of as-built drawings, and acceptance of completed infrastructure shall be in accordance with City Requirements. Design and construction shall be by professionals licensed in the state of North Carolina to do the relevant work. City approval of the design of the Improvements shall be required prior to construction, as set forth in City Requirements. If Developer is connecting to the County sewer system, the City may require Developer to furnish the contract providing for such connection.

  • E-Verify Requirements To the extent applicable under ARIZ. REV. STAT. § 41- 4401, the Contractor and its subcontractors warrant compliance with all federal immigration laws and regulations that relate to their employees and their compliance with the E-verify requirements under ARIZ. REV. STAT. § 23-214(A). Contractor’s or its subcontractor’s failure to comply with such warranty shall be deemed a material breach of this Agreement and may result in the termination of this Agreement by the City.

  • Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.

  • Policy Requirements All of the policies of insurance referred to in this Article XIII shall be written in form reasonably satisfactory to Landlord and any Facility Mortgagee and issued by insurance companies with a minimum policyholder rating of “A-” and a financial rating of “VII” in the most recent version of Best’s Key Rating Guide, or a minimum rating of “BBB” from Standard & Poor’s or equivalent. If Tenant obtains and maintains the general liability insurance described in Section 13.1(e) above on a “claims made” basis, Tenant shall provide continuous liability coverage for claims arising during the Term. In the event such “claims made” basis policy is canceled or not renewed for any reason whatsoever (or converted to an “occurrence” basis policy), Tenant shall either obtain (a) “tail” insurance coverage converting the policies to “occurrence” basis policies providing coverage for a period of at least three (3) years beyond the expiration of the Term, or (b) an extended reporting period of at least three (3) years beyond the expiration of the Term. Tenant shall pay all of the premiums therefor, and deliver certificates thereof to Landlord prior to their effective date (and with respect to any renewal policy, prior to the expiration of the existing policy), and in the event of the failure of Tenant either to effect such insurance in the names herein called for or to pay the premiums therefor, or to deliver such certificates thereof to Landlord, at the times required, Landlord shall be entitled, but shall have no obligation, to effect such insurance and pay the premiums therefor, in which event the cost thereof, together with interest thereon at the Overdue Rate, shall be repayable to Landlord upon demand therefor. Tenant shall obtain, to the extent available on commercially reasonable terms, the agreement of each insurer, by endorsement on the policy or policies issued by it, or by independent instrument furnished to Landlord, that it will give to Landlord thirty (30) days’ (or ten (10) days’ in the case of non-payment of premium) written notice before the policy or policies in question shall be altered, allowed to expire or cancelled. Notwithstanding any provision of this Article XIII to the contrary, Landlord acknowledges and agrees that the coverage required to be maintained by Tenant may be provided under one or more policies with various deductibles or self-insurance retentions by Tenant or its Affiliates, subject to Landlord’s approval not to be unreasonably withheld. Upon written request by Xxxxxxxx, Tenant shall provide Landlord copies of the property insurance policies when issued by the insurers providing such coverage.

  • Safety Requirements The Contractor shall comply with all Federal, State, and local safety laws and regulations applicable to the Work performed under this Agreement.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!