Critical Security and Privacy Controls Clause Samples

Critical Security and Privacy Controls. The critical controls the Web-broker must implement before Web-broker is able to submit any transactions to the FFE production system for individual market enrollments through the FFEs or SBE-FPs and/or assist Qualified Employers and Qualified Employees in purchasing and enrolling in coverage through an FF-SHOP or SBE-FP SHOP:

a. Email/Web Browser Protections – Including, but not limited to, assurance that transfer protocols are secure and limits the threat of communications being intercepted. NEE SSP SC-7, AU-10, SC-1, SC-4, SC-8, SC-8(1), SC-8(2), SC-13, SC-23, SC-28, and SC-CMS-1 controls.

b. Malware Protection – Including, but not limited to, protections against known threat vectors within the system’s environment to mitigate damage/security breaches. NEE SSP ▇▇-▇, ▇▇-▇, ▇▇-▇, ▇▇-▇, ▇▇-▇, and SC-CMS-1 controls.

c. Patch Management – Including, but not limited to, ensuring every client and server is up to date with the latest security patches throughout the environment. NEE SSP ▇▇-▇, ▇▇-▇, ▇▇-▇, ▇▇-▇, ▇▇-▇, CM-9, and CM-11 controls.

d. Vulnerability Management – Including, but not limited to, identifying, classifying, remediating, and mitigating vulnerabilities on a continual basis by conducting periodic vulnerability scans to identify weaknesses within an environment. NEE SSP AU-2, AU-6, ▇▇-▇, ▇▇-▇, ▇▇-▇(▇), ▇▇-▇(▇), ▇▇-▇, and SI-5 controls.

e. Inventory of Software/Hardware – Including, but not limited to, maintaining an Inventory of hardware/software within the environment helps to identify vulnerable aspects left open to threat vectors without performing vulnerability scans and to have specific knowledge of what is within the system’s environment. NEE SSP ▇▇-▇, ▇▇-▇, ▇▇-▇, and PE-18 controls.

f. Account Management – Including, but not limited to, the determination of who/what has access to the system’s environment and data and also maintain access controls to the system. NEE SSP AC-1, AC-2, AC-3, AC-3(9), AC-6, AC-8, AC-14, AC-17, ▇▇-▇▇, ▇▇-▇▇, ▇▇-▇▇, ▇▇-▇▇, ▇▇-▇, ▇▇-▇, IA-2(1), IA-2(2), IA-2(3), IA-2(8), IA-2(11), ▇▇-▇, ▇▇-▇, ▇▇-▇, IA-5(2), IA-5(3), IA-5(7), IA-5(11), IA-5(15), IA-5(1), ▇▇-▇, ▇▇-▇, IA-, ▇▇-▇, ▇▇-▇, ▇▇-▇, ▇▇-▇, and PS-5 controls.

g. Configuration Management – Including, but not limited to, defining the baseline configurations of the servers and endpoints of a system to mitigate threat factors that can be utilized to gain access to the system/data. NEE SSP ▇▇-▇, ▇▇-▇, ▇▇-▇, ▇▇-▇, ▇▇-▇, CM-9, and CM-11 controls.

h. Incident Response...
Critical Security and Privacy Controls. The critical controls the WBE must implement before WBE is able to submit any transactions to the FFE production system: a. Email/Web Browser Protections – Including but not limited to assurance that transfer protocols are secure and limits the threat of communications being intercepted.

Related to Critical Security and Privacy Controls

  • Security and Privacy Security and privacy policies for the Genesys Cloud Service addressing use of Customer Data, which are incorporated by reference and may be updated from time to time in accordance with Section 10.12 of the Agreement, are located at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/articles/purecloud-security-compliance/.

  • Data Security and Privacy Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, the Company and each of its Subsidiaries (i) is in compliance with all Data Security Requirements and (ii) has taken commercially reasonable steps consistent with standard industry practice by companies of similar size and maturity, and in compliance in all material respects with all Data Security Requirements to protect (A) the confidentiality, integrity, availability and security of its Business Systems that are involved in the Processing of Personally Identifiable Information, in the conduct of the business of the Company and its Subsidiaries as currently conducted; and (B) Personally Identifiable Information Processed by or on behalf of the Company or such Subsidiary or on their behalf from unauthorized use, access, disclosure, theft and modification. Except as would not, individually or in the aggregate, reasonably be expected to be material to the business of the Company Group, taken as a whole, (i) there are, and since January 1, 2022, have been, no pending complaints, investigations, inquiries, notices, enforcement proceedings, or Actions by or before any Governmental Authority and (ii) since January 1, 2022, no fines or other penalties have been imposed on or written claims, notice, complaints or other communications have been received by the Company or any Subsidiary, relating to any Specified Data Breach or alleging non-compliance with any Data Security Requirement. The Company and each of its Subsidiaries have not, since January 1, 2022, (1) experienced any Specified Data Breaches, or (2) been involved in any Legal Proceedings related to or alleging any violation of any Data Security Requirements by the Company Group or any Specified Data Breaches, each except as would not be material to the business of the Company Group, taken as a whole. 
The consummation of the transactions contemplated by this Agreement will not cause the Company Group to breach any Data Security Requirement, except as would not reasonably be expected to be material to the business of the Company Group, taken as a whole.

  • Data Security and Privacy Plan As more fully described herein, throughout the term of the Master Agreement, Vendor will have a Data Security and Privacy Plan in place to protect the confidentiality, privacy and security of the Protected Data it receives from the District. Vendor’s Plan for protecting the District’s Protected Data includes, but is not limited to, its agreement to comply with the terms of the District’s Bill of Rights for Data Security and Privacy, a copy of which is set forth below and has been signed by the Vendor. Additional components of Vendor’s Data Security and Privacy Plan for protection of the District’s Protected Data throughout the term of the Master Agreement are as follows: (a) Vendor will implement all state, federal, and local data security and privacy requirements including those contained within the Master Agreement and this Data Sharing and Confidentiality Agreement, consistent with the District’s data security and privacy policy. (b) Vendor will have specific administrative, operational and technical safeguards and practices in place to protect Protected Data that it receives from the District under the Master Agreement. 
(c) Vendor will comply with all obligations contained within the section set forth in this Exhibit below entitled “Supplemental Information about a Master Agreement between Chazy Central Rural School District and [Name of Vendor].” Vendor’s obligations described within this section include, but are not limited to: (i) its obligation to require subcontractors or other authorized persons or entities to whom it may disclose Protected Data (if any) to execute written agreements acknowledging that the data protection obligations imposed on Vendor by state and federal law and the Master Agreement shall apply to the subcontractor, and (ii) its obligation to follow certain procedures for the return, transition, deletion and/or destruction of Protected Data upon termination, expiration or assignment (to the extent authorized) of the Master Agreement. (d) Vendor has provided or will provide training on the federal and state laws governing confidentiality of Protected Data for any of its officers or employees (or officers or employees of any of its subcontractors or assignees) who will have access to Protected Data, prior to their receiving access. (e) Vendor will manage data security and privacy incidents that implicate Protected Data and will develop and implement plans to identify breaches and unauthorized disclosures. Vendor will provide prompt notification to the District of any breaches or unauthorized disclosures of Protected Data in accordance with the provisions of Section 5 of this Data Sharing and Confidentiality Agreement.

  • Electronic and Information Resources Accessibility and Security Standards a. Applicability: The following Electronic and Information Resources (“EIR”) requirements apply to the Contract because the Grantee performs services that include EIR that the System Agency's employees are required or permitted to access or members of the public are required or permitted to access. This Section does not apply to incidental uses of EIR in the performance of the Agreement, unless the Parties agree that the EIR will become property of the State of Texas or will be used by HHSC’s clients or recipients after completion of the Agreement. Nothing in this section is intended to prescribe the use of particular designs or technologies or to prevent the use of alternative technologies, provided they result in substantially equivalent or greater access to and use of a Product.

  • PERSONAL INFORMATION PRIVACY AND SECURITY CONTRACT Any reference to statutory, regulatory, or contractual language herein shall be to such language as in effect or as amended. A. DEFINITIONS