Security Vulnerability Management Clause Samples

The Security Vulnerability Management clause outlines the obligations and procedures for identifying, reporting, and addressing security vulnerabilities within a system or service. Typically, it requires regular vulnerability assessments, prompt notification of discovered issues, and timely remediation efforts, such as applying patches or implementing workarounds. This clause ensures that both parties proactively manage security risks, reducing the likelihood of data breaches or system compromises and maintaining the integrity and trustworthiness of the service.
Security Vulnerability Management. Company shall maintain a vulnerability management program to identify and remediate security vulnerabilities within computing systems. This includes regular testing and a record of System remediation. Toolsets used to identify vulnerabilities are maintained with up-to-date vulnerability signatures. Results of vulnerability testing are utilized to craft an annual penetration test of Systems and networks perceived as high risk, high value, or demonstrating a need for further scrutiny. All newly deployed Systems or Systems that have experienced a high level of change will be scanned for vulnerabilities prior to production. Highly orchestrated environments with appropriate change control may be exempt from pre-deployment scanning.
Security Vulnerability Management. Scitara will operate a vulnerability management programme and capabilities that routinely identify security risks, vulnerabilities, and issues with infrastructure, applications, systems, and processes used to support, store, process, and track the Software Services, Customer Data, and Usage Data. Further, Scitara shall remediate security risks, vulnerabilities, and issues within the terms set forth in B.11.1, B.11.2, and B.11.3. (a) Critical risk vulnerabilities, CVSS score of 9.0 or higher, shall be remediated within 7 calendar days or less, (b) High risk vulnerabilities, CVSS score of 7.0 to 8.9, shall be remediated within 30 calendar days or less, (c) Medium risk vulnerabilities, CVSS score of 4.0 to 6.9, shall be remediated within 60 days or less, and (d) Low risk vulnerabilities, CVSS score of 0.1 to 3.9, shall be remediated within 90 days or less.
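The tiered deadlines in the Scitara clause above, turned into a remediation-deadline check, as an added example (not part of the original page or of any party's own tooling). It assumes the Medium and Low windows are calendar days like the Critical and High ones, and it surfaces one gap a reviewer should notice: a CVSS score of 0.0 falls in no tier.

```python
from datetime import date, timedelta
from typing import Optional

# Remediation windows from the clause, keyed by CVSS band.
# Assumption: Medium and Low windows are calendar days (the clause says only "days").
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 60, "Low": 90}


def severity_for(cvss: float) -> Optional[str]:
    """Map a CVSS base score (0.0-10.0, one decimal) to the clause's tier."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    if cvss >= 0.1:
        return "Low"
    return None  # 0.0 is below the lowest band the clause defines


def due_date(discovered: date, cvss: float) -> Optional[date]:
    """Contractual remediation deadline, or None if no tier applies."""
    sev = severity_for(cvss)
    if sev is None:
        return None
    return discovered + timedelta(days=SLA_DAYS[sev])


def overdue_findings(findings, today: date):
    """Ids of open findings whose contractual deadline has already passed."""
    late = []
    for f in findings:
        if f["closed"]:
            continue
        due = due_date(f["discovered"], f["cvss"])
        if due is not None and today > due:
            late.append(f["id"])
    return late


# Constructed sample findings (not real data); ids and dates are made up.
SAMPLE = [
    {"id": "F-1", "cvss": 9.8, "discovered": date(2024, 2, 20), "closed": False},
    {"id": "F-2", "cvss": 7.0, "discovered": date(2024, 2, 15), "closed": False},
    {"id": "F-3", "cvss": 5.5, "discovered": date(2023, 12, 1), "closed": False},
    {"id": "F-4", "cvss": 3.9, "discovered": date(2023, 11, 1), "closed": True},
    {"id": "F-5", "cvss": 0.0, "discovered": date(2024, 1, 1), "closed": False},
]
```

Running `overdue_findings(SAMPLE, date(2024, 3, 1))` flags F-1 and F-3; F-5 is silently skipped, which is the gap to close when negotiating the clause.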
Security Vulnerability Management. The Customer must ensure that all Customer Systems that store, transmit, or process Customer Data and Comtrac Data undergo vulnerability scans on a regular basis (at least once a month); and immediately after any system change. If a vulnerability scan performed by the Customer reveals any vulnerabilities, the Customer must immediately take all steps to remediate such vulnerabilities and report to Comtrac, detailing the vulnerabilities and the remediation action taken, as soon as practicable.

Protection from Malware. In the event that the Customer uses Customer software to access the Comtrac Services, the Customer must ensure no backdoor, time bomb, trojan horse or other computer software enables access to a third person not authorised by Comtrac. The Customer must use all reasonable endeavours to ensure that the Comtrac Services are not compromised by malware. The Customer must use anti-malware controls to help avoid malicious software gaining unauthorised access to Customer Data and Comtrac Data, including malicious software originating from public networks.

Denial of Service Protection. The Customer must ensure that all Customer Systems and devices used to access and use the Comtrac Services are protected from Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks with appropriate technologies and solutions.

Penetration Testing. The Customer must engage an independent third party to perform (at its own expense), at least once every 12 (twelve) months, penetration testing and ethical hacking activities on the Customer Systems (and solutions and software if applicable) used to access and use the Comtrac Services. Where the results of the penetration testing negatively and materially impact the Comtrac Services, the Customer shall notify Comtrac as soon as reasonably possible, making the relevant results of the testing available to Comtrac. The Customer and Comtrac shall agree on a plan to rectify the vulnerabilities with immediate effect, prioritised by criticality.

Back-ups. The Customer must document and implement a backup policy which takes daily copies of Customer Data and Customer Systems used in the acquisition and use of the Comtrac Services, including for system administration; patching; and change management, to ensure that the Customer is able to determine the Customer database restore point for database rollback purposes. The following daily backups must be retained for at least three months: new and material changes; and Softwar...

Related to Security Vulnerability Management

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Security Management The Contractor shall comply with the requirements of the DOD 5200.1-M and the DD Form 254. Security of the Contractor’s electronic media shall be in accordance with the above documents. Effective Program Security shall require the Contractor to address Information Security and Operations Security enabled by the Security Classification Guides. The Contractor’s facility must be able to handle and store material up to the Classification Level as referenced in Attachment J-01, DD Form 254.

  • Infrastructure Vulnerability Scanning Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.

  • Virus Management DST shall maintain a malware protection program designed to deter malware infections and detect the presence of malware within the DST environment.

  • Patch Management All workstations, laptops and other systems that process and/or store County PHI or PI must have critical security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release.