Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.
Accessibility Requirements Under Tex. Gov’t Code Chapter 2054, Subchapter M, and implementing rules of the Texas Department of Information Resources, the System Agency must procure Products and services that comply with the Accessibility Standards when those Products are available in the commercial marketplace or when those Products are developed in response to a procurement solicitation. Accordingly, Grantee must provide electronic and information resources and associated Product documentation and technical support that comply with the Accessibility Standards.
Functional Requirements Applications must implement controls that protect against known vulnerabilities and threats, including Open Web Application Security Project (OWASP) Top 10 Risks and denial of service (DDOS) attacks.
New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.
Personnel Requirements a. The CONTRACTOR shall secure, at the CONTRACTOR'S own expense, all personnel required to perform this Contract. b. The CONTRACTOR shall ensure that the CONTRACTOR'S employees or agents are experienced and fully qualified to engage in the activities and perform the services required under this Contract, and that all applicable licensing and operating requirements imposed or required under federal, state, or county law, and all applicable accreditation and other standards of quality generally accepted in the field of the activities of such employees and agents are complied with and satisfied.
Access Requirements You will be responsible for providing the System to enable you to use an Electronic Service.
Child Abuse Reporting Requirements A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency.
Safety Requirements The Contractor shall comply with all Federal, State, and local safety laws and regulations applicable to the Work performed under this Agreement.
Technical Requirements 4.5.3.1 Tandem Switching shall have the same capabilities or equivalent capabilities as those described in Telcordia TR-TSY-000540 Issue 2R2, Tandem Supplement, June 1, 1990. The requirements for Tandem Switching include but are not limited to the following: 4.5.3.1.1 Tandem Switching shall provide signaling to establish a tandem connection; 4.5.3.1.2 Tandem Switching will provide screening as jointly agreed to by <<customer_short_name>> and BellSouth; 4.5.3.1.3 Where applicable, Tandem Switching shall provide AIN triggers supporting AIN features where such routing is not available from the originating end office switch, to the extent such Tandem switch has such capability; 4.5.3.1.4 Where applicable, Tandem Switching shall provide access to Toll Free number database; 4.5.3.1.5 Tandem Switching shall provide connectivity to Public Safety Answering Point (PSAP)s where 911 solutions are deployed and the tandem is used for 911; and 4.5.3.1.6 Where appropriate, Tandem Switching shall provide connectivity for the purpose of routing transit traffic to and from other carriers. 4.5.3.2 BellSouth may perform testing and fault isolation on the underlying switch that is providing Tandem Switching. Such testing shall be testing routinely performed by BellSouth. The results and reports of the testing shall be made available to <<customer_short_name>>. 4.5.3.3 BellSouth shall control congestion points and network abnormalities. All traffic will be restricted in a non-discriminatory manner. 4.5.3.4 Tandem Switching shall process originating toll free traffic received from <<customer_short_name>>’s local switch. 4.5.3.5 In support of AIN triggers and features, Tandem Switching shall provide SSP capabilities when these capabilities are not available from the Local Switching Network Element to the extent such Tandem Switch has such capability.
Health Requirements A. Provider shall remain in compliance with all applicable federal, state, county, and municipal, statutes, laws, ordinances, regulations, and guidelines, as well as any Board guidelines, policies, and rules in effect now or later, and as amended from time to time related to COVID-19. B. Provider shall comply with evolving requirements to protect the health and safety of Student Participants and staff, as expressed in local, and state guidance from various government agencies. This includes, but is not limited to, adhering to all health and safety guidelines issued by CPS, IDPH, and CDPH related to COVID-19. Provider acknowledges these health and safety guidelines are subject to change. C. Required health and safety practices may vary across age groups and settings. Provider shall comply, at a minimum, with all health and safety mandates issued by the State of Illinois and the City of Chicago and guidance from the Illinois State Board of Education (“ISBE”). D. Under Chicago’s March 19 Public Health Order, congregate facilities (such as long-term care facilities, childcare settings, correctional facilities, etc.) must immediately report to CDPH clusters of COVID-19 patients, defined as two or more confirmed cases of COVID-19 occurring within 14 calendar days of each other at a facility. To report positive cases, Provider must complete the COVID-19 Online Case Report Form found at the following website: xxxxx://xxxxxx.xxx.xxxxxxxx.xxx/surveys/?s=FR7MAJAY84. A copy of the current COVID-19 Online Case Report Form is attached and incorporated into this Supplemental Scope as Attachment A. Provider must also comply with additional operational, reporting and tracing requirements established by CPS. E. As of July 13, 2020, interim guidance issued by CDPH encourages notification for every COVID-19 case. For more information, see CDPH Interim Guidance on Management of COVID 19 Cases in Childcare Settings (“CDPH Guidance”) at the following link: https://xxx.xxxxxxx.xxx/content/dam/city/depts/cdph/HealthProtectionandResponse/Interim% 20Guidance%20on%20Management%20of%20COVID 19%20Cases%20in%20Childcare%20Settings%2007.13.
