Technical Security Requirements Sample Clauses

Technical Security Requirements. 6.1. The systems used to access or manage DCC Data must be under the management authority of the Contractor and have a minimum set of security policy configuration enforced. Such configuration shall be described in the Security Management Plan, and include consideration of: 6.1.1. firewalls and other perimeter security controls; 6.1.2. malicious software protection such as anti-virus software; 6.1.3. password complexity, lifespan and management; 6.1.4. security dependencies and responsibilities on suppliers for hosted or ‘cloud’ services and systems. 6.2. When DCC Data resides on a mobile, removable or physically uncontrolled device it must be stored encrypted using a product or service that is recognised as providing a standard to Good Industry Practice. 6.3. The ‘principle of least privilege’ (the practice of limiting systems, processes and user access to the minimum possible level) shall be applied to the design and configuration of IT equipment used to provide the Services. 6.4. The Contractor shall operate an access control regime to ensure all users and administrators of the Contractor System are uniquely identified and authenticated when accessing or administrating the Contractor System. Applying the ‘principle of least privilege’, users and administrators shall be allowed access only to those parts of the Contractor System they require. The Contractor shall retain an audit record of accesses. 6.5. The Contractor shall ensure that any systems hosting internet-facing web services as part of the Services, whether part of the Contractor System or those provided by a sub-contractor, will be designed to ensure that: 6.5.1. user connections are appropriately secured and encrypted using transport layer security with an appropriate selection of cipher suites in accordance with Good Industry Practice; 6.5.2. user input is processed in a way to detect and prevent malformed input intended to cause undesired behaviour; 6.5.3. users cannot submit uniform resource locators that enable security controls to be bypassed or that cause undesired behaviour; and 6.5.4. use of the Services is subject to security event audit recording and monitoring so that malicious behaviour is detected and responded to in a timely manner.
AutoNDA by SimpleDocs
Technical Security Requirements. The Service will:  Ensure that any Council data which resides on a mobile, removable or physically uncontrolled device is stored encrypted using a product which has been formally assured through a recognised certification process.  Ensure that any Council data which it causes to be transmitted over any public network (including the Internet, mobile networks or un-protected enterprise network) or to a mobile device shall be encrypted when transmitted.  Must operate an appropriate access control regime to ensure users and administrators are uniquely identified.  Ensure that any device which is used to process Council data meets all of the security requirements set out in the National Cyber Security Centre (NCSC) End User Devices Platform Security Guidance.  At their own cost and expense, procure an IT Health Check from a certified supplier and penetration test performed prior to any live data being transferred into their systems.  Perform a technical information risk assessment on the service supplied and be able to demonstrate what controls are in place to address those risks.  Collect audit records which relate to security events in delivery of the Service or that would support the analysis of potential and actual compromises. The retention period for audit records and event logs shall be a minimum of 6 months.  Must be able to demonstrate they can supply a copy of all data on request or at termination, and must be able to securely erase or destroy all data and media that the Council data has been stored and processed on.  Not, and will procure that none of its sub-contractors, process the Council’s data outside the European Economic Area (EEA).  Implement security patches to vulnerabilities in accordance with the timescales specified in the NCSC Cloud Security Principle 5.  Ensure that the service is designed in accordance with NCSC principles, security design principles for digital services, bulk data and cloud security principle.  Implement such additional measures as agreed with the Council from time to time in order to ensure that such information is safeguarded in accordance with the applicable legislative and regulatory obligations.

Related to Technical Security Requirements

  • Security Requirements 7.1 The Authority will review the Contractor’s Security Plan when submitted by the Contractor in accordance with the Schedule (Security Requirements and Plan) and at least annually thereafter.

  • Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.

  • Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).

  • Facility Requirements 1. Maintain wheelchair accessibility to program activities according to governing law, including the Americans With Disabilities Act (ADA), as applicable. 2. Provide service site(s) that will promote attainment of Contractor’s program objectives. Arrange the physical environment to support those activities. 3. Decrease program costs when possible by procuring items at no cost from County surplus stores and by accepting delivery of such items by County.

  • Safety Requirements The Contractor shall comply with all Federal, State, and local safety laws and regulations applicable to the Work performed under this Agreement.

  • Accessibility Requirements Under Tex. Gov’t Code Chapter 2054, Subchapter M, and implementing rules of the Texas Department of Information Resources, the System Agency must procure Products and services that comply with the Accessibility Standards when those Products are available in the commercial marketplace or when those Products are developed in response to a procurement solicitation. Accordingly, Grantee must provide electronic and information resources and associated Product documentation and technical support that comply with the Accessibility Standards.

  • Residency Requirements 1. All single first-year freshmen students are required to live in University housing for at least two academic semesters. All single students who have earned less than 30 credit hours and have not resided in University housing for two academic semesters are required to live on campus for two academic semesters. This policy does not apply to single first-year students who have been out of high school for more than one year, or to single first-year freshmen who live with their parents in Miami-Dade or Broward Counties. Neither does it apply to those students who, for disciplinary or administrative reasons, may be denied the privilege of continued residency on campus. 2. Undergraduate students residing in University housing must be regularly enrolled students of the University, taking a minimum of 12 credit hours each semester. Graduate students (when housed by exception) must carry a minimum of nine credit hours per semester. To apply and sign-up for University Village apartments, students must have 45 or more completed academic credits. In order to move into University Village, students must have 60 or more completed academic credits or have completed 4 academic semesters at the University and be achieving satisfactory academic progress as defined by the University Bulletin.

  • E-Verify Requirements To the extent applicable under ARIZ. REV. STAT. § 41- 4401, the Contractor and its subcontractors warrant compliance with all federal immigration laws and regulations that relate to their employees and their compliance with the E-verify requirements under ARIZ. REV. STAT. § 23-214(A). Contractor’s or its subcontractor’s failure to comply with such warranty shall be deemed a material breach of this Agreement and may result in the termination of this Agreement by the City.

  • City Requirements Design, construction, materials, sizing, other specifications, permitting, inspections, testing, documentation and furnishing of as-built drawings, and acceptance of completed infrastructure shall be in accordance with City Requirements. Design and construction shall be by professionals licensed in the state of North Carolina to do the relevant work. City approval of the design of the Improvements shall be required prior to construction, as set forth in City Requirements. If Developer is connecting to the County sewer system, the City may require Developer to furnish the contract providing for such connection.

  • Quality Requirements Performance Indicator Heading Indicator (specific) Threshold Method of Measurement Frequency of monitoring Consequence of Breach

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!