Access Control Requirements Clause Samples

Access Control Requirements. Access to information and technology must be authorized only by * . • Access to information and technology must be on a need-to-know, job function basis. Users must only have the minimum access rights and privileges needed to perform a particular function or transaction. • Access rights specified by an individual User * . • At least annually, a review of User access rights to information and technology must be conducted by the Information Protection Group. Review of this information must be conducted by the business process owner with oversight by the IPG. • At least semi-annually, a review of User access to information and technology identified as High Risk in the Risk Assessment Process must be conducted by the Information Protection Group. • Access must be controlled to restricted information including: • Security commands, programs, utilities, and databases; • Program libraries; • Job or process execution statement files; • User authorization profiles; • Accountability tracking logs; and • Backup files containing any of the above. • * • Access to system documentation, e.g., application documentation, User manuals, etc., must be restricted on a need-to-know, job function basis. • The development, implementation, and maintenance of application software must be approved by the Business Owner, and must be in compliance with the MSB, as well as, the American Express Application Development Standard. • All purchased, commercial software must be approved by the Business Owner, and be licensed and implemented in such a way as to be in compliance with the MSB, as well as, any applicable American Express Global Technology Standards. • The Business Unit Manager must notify the Information Protection Group immediately upon transfer, change of job responsibilities, or leave of absence of a User (employee or third-party). • When the Information Protection Group is notified that a User has transferred, changed job responsibilities, or taken a leave of absence, the Information Protection Group must immediately take steps to ensure that the User’s access privileges are revoked if those privileges no longer apply. • The Business Unit Manager must immediately notify the Information Protection Group upon termination of a User, i.e., an employee or third party. When the Information Protection Group is notified of a user termination, the Information Protection Group must take immediate action to revoke the User’s access privileges. • Virus prevention technology, (e.g., viru...
View Source
Access Control Requirements. Access to information and technology must be authorized only by * . • Access to information and technology must be * . • Access rights specified by an individual User * . • At least * , a review of User access rights to information and technology must be conducted by the * . Review of this information must be conducted by the business process owner with oversight by the * . • At least * , a review of User access to * . • Access must be controlled to restricted information including: * * • Access to system documentation, * . • The development, implementation, and maintenance of application software must be * . • All purchased, commercial software must be * . • * . • When the * . • The Business Unit Manager must immediately notify the * • * .
View Source
Access Control Requirements 
View Source

Related to Access Control Requirements

  • Personnel Requirements a. The CONTRACTOR shall secure, at the CONTRACTOR'S own expense, all personnel required to perform this Contract. b. The CONTRACTOR shall ensure that the CONTRACTOR'S employees or agents are experienced and fully qualified to engage in the activities and perform the services required under this Contract, and that all applicable licensing and operating requirements imposed or required under federal, state, or county law, and all applicable accreditation and other standards of quality generally accepted in the field of the activities of such employees and agents are complied with and satisfied.

  • Access Requirements You will be responsible for providing the System to enable you to use an Electronic Service.

  • Functional Requirements Applications must implement controls that protect against known vulnerabilities and threats, including Open Web Application Security Project (OWASP) Top 10 Risks and denial of service (DDOS) attacks.

  • General Requirements The Contractor hereby agrees:

  • Accessibility Requirements Under Tex. Gov’t Code Chapter 2054, Subchapter M, and implementing rules of the Texas Department of Information Resources, the System Agency must procure Products and services that comply with the Accessibility Standards when those Products are available in the commercial marketplace or when those Products are developed in response to a procurement solicitation. Accordingly, Grantee must provide electronic and information resources and associated Product documentation and technical support that comply with the Accessibility Standards.