Technical Security Requirements Clause Samples

Technical Security Requirements.

6.1. The systems used to access or manage DCC Data must be under the management authority of the Contractor and have a minimum set of security policy configuration enforced. Such configuration shall be described in the Security Management Plan, and include consideration of:
  6.1.1. firewalls and other perimeter security controls;
  6.1.2. malicious software protection such as anti-virus software;
  6.1.3. password complexity, lifespan and management;
  6.1.4. security dependencies and responsibilities on suppliers for hosted or ‘cloud’ services and systems.

6.2. When DCC Data resides on a mobile, removable or physically uncontrolled device it must be stored encrypted using a product or service that is recognised as providing a standard to Good Industry Practice.

6.3. The ‘principle of least privilege’ (the practice of limiting systems, processes and user access to the minimum possible level) shall be applied to the design and configuration of IT equipment used to provide the Services.

6.4. The Contractor shall operate an access control regime to ensure all users and administrators of the Contractor System are uniquely identified and authenticated when accessing or administrating the Contractor System. Applying the ‘principle of least privilege’, users and administrators shall be allowed access only to those parts of the Contractor System they require. The Contractor shall retain an audit record of accesses.

6.5. The Contractor shall ensure that any systems hosting internet-facing web services as part of the Services, whether part of the Contractor System or those provided by a sub-contractor, will be designed to ensure that:
  6.5.1. user connections are appropriately secured and encrypted using transport layer security with an appropriate selection of cipher suites in accordance with Good Industry Practice;
  6.5.2. user input is processed in a way to detect and prevent malformed input intended to cause undesired behaviour;
  6.5.3. users cannot submit uniform resource locators that enable security controls to be bypassed or that cause undesired behaviour; and
  6.5.4. use of the Services is subject to security event audit recording and monitoring so that malicious behaviour is detected and responded to in a timely manner.
Technical Security Requirements. The Service will:

  • Ensure that any Council data which resides on a mobile, removable or physically uncontrolled device is stored encrypted using a product which has been formally assured through a recognised certification process.
  • Ensure that any Council data which it causes to be transmitted over any public network (including the Internet, mobile networks or un-protected enterprise network) or to a mobile device shall be encrypted when transmitted.
  • Must operate an appropriate access control regime to ensure users and administrators are uniquely identified.
  • Ensure that any device which is used to process Council data meets all of the security requirements set out in the National Cyber Security Centre (NCSC) End User Devices Platform Security Guidance.
  • At their own cost and expense, procure an IT Health Check from a certified supplier and penetration test performed prior to any live data being transferred into their systems.
  • Perform a technical information risk assessment on the service supplied and be able to demonstrate what controls are in place to address those risks.
  • Collect audit records which relate to security events in delivery of the Service or that would support the analysis of potential and actual compromises. The retention period for audit records and event logs shall be a minimum of 6 months.
  • Must be able to demonstrate they can supply a copy of all data on request or at termination, and must be able to securely erase or destroy all data and media that the Council data has been stored and processed on.
  • Not, and will procure that none of its sub-contractors, process the Council’s data outside the European Economic Area (EEA).
  • Implement security patches to vulnerabilities in accordance with the timescales specified in the NCSC Cloud Security Principle 5.
  • Ensure that the service is designed in accordance with NCSC principles, security design principles for digital services, bulk data and cloud security principle.
  • Implement such additional measures as agreed with the Council from time to time in order to ensure that such information is safeguarded in accordance with the applicable legislative and regulatory obligations.

Related to Technical Security Requirements

  • Security Requirements 7.1 The Authority will review the Contractor’s Security Plan when submitted by the Contractor in accordance with the Schedule (Security Requirements and Plan) and at least annually thereafter.

  • Federal Medicaid System Security Requirements Compliance Party shall provide a security plan, risk assessment, and security controls review document within three months of the start date of this Agreement (and update it annually thereafter) in order to support audit compliance with 45 CFR 95.621 subpart F, ADP System Security Requirements and Review Process.

  • Data Security Requirements Without limiting Contractor’s obligation of confidentiality as further described in this Contract, Contractor must establish, maintain, and enforce a data privacy program and an information and cyber security program, including safety, physical, and technical security and resiliency policies and procedures, that comply with the requirements set forth in this Contract and, to the extent such programs are consistent with and not less protective than the requirements set forth in this Contract and are at least equal to applicable best industry practices and standards (NIST 800-53).

  • Facility Requirements 1. Maintain wheelchair accessibility to program activities according to governing law, including the Americans With Disabilities Act (ADA), as applicable. 2. Provide service site(s) that will promote attainment of Contractor’s program objectives. Arrange the physical environment to support those activities. 3. Decrease program costs when possible by procuring items at no cost from County surplus stores and by accepting delivery of such items by County.

  • Safety Requirements Prior to setting sail the Operator of the Sector Vessel shall detail and identify any vessel safety operating procedures and other important information to the assigned ASM. The Sector Member acknowledges that an ASM must complete a pre-trip vessel safety checklist as provided by NMFS prior to leaving port. An ASM cannot be deployed on a vessel that has failed to review the safety issues, and such vessel is prohibited from leaving port without the ASM on board (unless a waiver is granted). For the safety of the vessel's captain, crew and the ASM, the ASM will not be allowed on deck any time that gear is being deployed. The Sector and its Members note that each ASM must be provided with all the equipment specified by the NEFOP. It is the responsibility of the individual ASM and its employer to ensure that all equipment is in good