Information Security Management/Cybersecurity Clause Samples

The Information Security Management/Cybersecurity clause establishes requirements for protecting sensitive data and maintaining robust cybersecurity practices within an organization or between contracting parties. Typically, it outlines standards for data handling, access controls, incident response procedures, and may require compliance with recognized security frameworks or regular security assessments. This clause serves to minimize the risk of data breaches, ensure regulatory compliance, and provide clear expectations for safeguarding information assets.
Information Security Management/Cybersecurity. The objective of cybersecurity is to protect Marine Corps information from internal and external threats and attacks, while ensuring the confidentiality, integrity, and availability of information. To achieve cybersecurity objectives, the Contractor shall adhere to the requirements of Marine Corps Order (MCO) 5239.2B and DoD Instruction 8510.01, “Risk Management Framework (RMF) for DoD IT” for GCSS-MC/LCM Increment 1, and ensure that applicable personnel are certified in accordance with Appendix 4 in SECNAV M- 5239.2 Cyberspace Information Technology and Cybersecurity Workforce Management and Qualification Manual. The Contractor shall support all assessment and authorization activities throughout the system life cycle in accordance with the latest releases or revisions of the cybersecurity policies. The Contractor shall participate in cybersecurity and vulnerability assessment scan reviews and provide technical guidance and solutions implementing cybersecurity best practices which will increase the security of the system and mitigate or eliminate vulnerabilities. The technical guidance and solutions must align with applicable STIGs. The Contractor shall apply security updates and patches to software and operating systems and conduct verification testing. The Contractor shall document all findings in a weekly cybersecurity status report. The Contractor shall review IAVAs, Information Assurance Vulnerability Bulletins (IAVBs), Technical Advisories, Communications Tasking Orders, Marine Corps Directives, Operational Directives, CPUs, vulnerability alerts, and vendor notifications to determine applicability to GCSS-MC/LCM Increment 1 and to assess impact and provide assessment to the ISSM. The Contractor will track, report status and provide remediation recommendations for the vulnerabilities. The Contractor shall provide an impact assessment of CPUs if there is an impact to RICECPW and document the assessment in CR. This impact analysis shall include a detailed estimate to modify the RICECPW element for compatibility with the impacted CPUs. The impact assessment shall indicate if no changes are required. The Contractor shall maintain a Security Plan of Actions & Milestones (POAM) (CDRL E001) that lists all vulnerabilities identified by every assessment that identifies vulnerability. The Contractor shall provide encrypted RICECPW code to the GCSS-MC ISSM for code review when updates occur. When the Contractor receives the code review results from the GCSS-MC I...
View SourceView Similar (2)

Related to Information Security Management/Cybersecurity

  • Security Management The Contractor shall comply with the requirements of the DOD 5200.1-M and the DD Form 254. Security of the Contractor’s electronic media shall be in accordance with the above documents. Effective Program Security shall require the Contractor to address Information Security and Operations Security enabled by the Security Classification Guides. The Contractor’s facility must be able to handle and store material up to the Classification Level as referenced in Attachment J-01, DD Form 254.

  • Information Security IET information security management practices, policies and regulatory compliance requirements are aimed at assuring the confidentiality, integrity and availability of Customer information. The UC ▇▇▇▇▇ Cyber-safety Policy, UC ▇▇▇▇▇ Security Standards Policy (PPM Section 310-22), is adopted by the campus and IET to define the responsibilities and key practices for assuring the security of UC ▇▇▇▇▇ computing systems and electronic data.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. (2) The Information Security Program shall require encryption of any Personal Information in electronic format while in transit or in storage, and enhanced controls and standards for transport and disposal of physical media containing Personal Information. DTI shall, and shall require its agents, contractors and subcontractors who access or use Personal Information or Confidential Information to, regularly test key controls, systems and procedures relating to the Information Security Program ("ISP Tests"). DTI shall advise the Funds of any material issues identified in the ISP Tests potentially affecting the Information Security Program. (3) DTI shall comply with its Information Security Program.

  • INFORMATION SECURITY SCHEDULE All capitalized terms not defined in this Information Security Schedule (this “Security Schedule”) shall have the meanings ascribed to them in the Transfer Agency and Service Agreement by and between DST and each of the funds listed on Exhibit A thereto (each such fund, or series thereof, severally, and not jointly, the “Fund”) dated March 1, 2022 (the “Agreement”). DST and Fund hereby agree that DST shall maintain and comply with an information security policy (“Security Policy”) that satisfies the requirements set forth below; provided, that, because information security is a highly dynamic space (where laws, regulations and threats are constantly changing), DST reserves the right to make changes to its information security controls at any time and at the sole discretion of DST in a manner that it believes does not materially reduce the protection it applies to Fund Data. From time to time, DST may subcontract services performed under the Agreement (to the extent provided for under the Agreement) or provide access to Fund Data or its network to a subcontractor or other third party; provided, that, such subcontractor or third party implements and maintains security measures DST believes are at least as stringent as those described in this Security Schedule. For the purposes of this Schedule “prevailing industry practices and standards” refers to standards among financial institutions, including mutual funds, and third parties providing financial services to financial institutions.

  • Security Systems The Service may not be compatible with security systems. You may be required to maintain a telephone connection through your local exchange carrier in order to use any alarm monitoring functions for any security system installed in your home or business. You are responsible for contacting the alarm monitoring company to test the compatibility of any alarm monitoring or security system with the Service.