Communications and Operations Management. USBFS must implement and maintain controls to prevent and detect unauthorized access, intrusions, computer viruses and other malware on its Information Systems. At a minimum these must include: • Client and server-side antivirus programs that includes the latest antivirus definitions; • A process that would install for production, within 30 days, any critical patches or security updates; • Hardening and configuration requirements meeting industry best practices, and the information security Common Control Framework (CCF), which supports information security compliance efforts at U.S. Bank, N.A. (the “Bank”) by simplifying communication of compliance requirements across numerous external authorities. The information security CCF is a set of 181 harmonized controls that represent the Bank’s information security obligations under FFIEC, PCI, NIST 800-53 rev. 3 and SOX. These controls serve as a foundational component of information security policy by providing the minimum set of external information security obligations that the Bank is required to implement to meet all legal, regulatory and contractual obligations. In addition, CCF establishes the evidence requirements control owners must maintain and produce to demonstrate a CCF control is in place.
Appears in 5 contracts
Sources: Transfer Agency and Call Center Services Agreement (Ge Investments Funds Inc), Transfer Agency and Call Center Services Agreement (Elfun Trusts), Transfer Agency and Call Center Services Agreement (Elfun Tax Exempt Income Fund)