Technical Security Controls Clause Samples
The Technical Security Controls clause defines the specific technological measures and safeguards that must be implemented to protect data and systems from unauthorized access, breaches, or other security threats. This typically includes requirements such as encryption, firewalls, access controls, regular security audits, and secure data transmission protocols. By clearly outlining these mandatory controls, the clause ensures that both parties understand their obligations to maintain a secure environment, thereby reducing the risk of data breaches and ensuring compliance with relevant security standards.
POPULAR SAMPLE Copied 1 times
Technical Security Controls. 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.
Technical Security Controls. 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY
Technical Security Controls. With respect to KnowBe4 infrastructure that processes, stores, or transmits Customer Confidential Information, KnowBe4 will use the following technical security controls where applicable (and keep them current by incorporating and using all updates commercially available):
a. Network Protection
(i) Network based firewalls or equivalent
(ii) Network intrusion detection/protection systems
Technical Security Controls. With respect to information technology infrastructure, servers, databases, or networks that Process, store, or transmit Data, Supplier shall use the following technical security controls where applicable (and keep them current by incorporating and using all updates commercially available):
Technical Security Controls. Access Policy
Technical Security Controls. 1 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 2 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 3 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 4 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 5 COUNTY.
Technical Security Controls. By executing this Agreement, CONTRACTOR, for itself, and its assignees and successors in interest, agrees as follows:
Technical Security Controls. A. Workstation/Laptop Encryption. All workstations and laptops, which use, store and/or process PII, must be encrypted using a FIPS 140-2 certified algorithm 128 bit or higher, such as Advanced Encryption Standard (AES). The encryption solution must be full disk. It is encouraged, when available and when feasible, that the encryption be 256 bit.
Technical Security Controls. 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140–2 certified algorithm DocuSign Envelope ID: BB2DBDF4-FD05-4D02-A0FE-074FE18D982A 1 which is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by 2 the COUNTY.
Technical Security Controls. The State of California Office of Information Security (OIS) and SSA have adopted the National Institute of Standards and Technology (NIST) Special Publication (SP) 800- 53, Security and Privacy controls for Information Systems and Organizations, and NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. OIS and SSA require organizations to comply and maintain the minimum standards outlined in NIST SP 800-53 when working with PII and SSA data. County Department/Agency shall, at a minimum, implement an information security program that effectively manages risk in accordance with the Systems Security Standards and Requirements outlined in this Section of this Agreement. Guidance regarding implementation of NIST SP 800-53 is available in the Statewide Information Management Manual (SIMM), SIMM-5300-A, which is hereby incorporated into this Agreement (Exhibit C) and available upon request. DHCS and CDSS will enter into a separate PSA with California Statewide Automated Welfare System (CalSAWS) Joint Powers Authority specific to the CalSAWS. Any requirements for data systems in this PSA would only apply to County Department/Agency’s locally operated/administered systems that access, store, or process Medi-Cal PII.
A. Systems Security Standards and Requirements
1. Access Control (AC)
2. Procedures to facilitate the implementation of the access control policy and associated access control controls; b. Review and update the current access control procedures with the organization-defined frequency. Supplemental Guidance (from NIST 800-53) This control addresses the establishment of policy and procedures for the effective implementation of selected security controls and control enhancements in the AC family. Policy and procedures reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. Security program policies and procedures at the organization level may make the need for system-specific policies and procedures unnecessary. The policy can be included as part of the general information security policy for organizations or conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. The procedures can be established for the security program in general and for particular information systems, if needed. The organizational risk management strategy is a key factor in establishing policy and procedures. Related control: PM-9. Control Number AC...