Vulnerability Management and Patching Sample Clauses

Vulnerability Management and Patching. Contractor shall employ vulnerability management and regular application, operating system, and other infrastructure patching procedures and technologies designed to identify, assess, mitigate, and protect against new and existing security vulnerabilities and threats, including viruses, bots, and other malicious code.
Vulnerability Management and Patching. At least annually, Contractor shall perform at Contractor’s expense vulnerability tests and risk assessments of all systems that contain City Data. For Contractor’s internet perimeter network, and any of Contractor’s applications that process City Data, such testing must also include (i) penetration tests, including by use of intercept proxies to identify security vulnerabilities that cannot be discovered using automated tools, and (ii) code review or other manual verification. All tests must be performed by Contractor’s compliance team using industry recommended network security tools to identify vulnerability information. Upon written request from City, Contractor shall provide to City a Vulnerability Testing & Risk Assessment Report at the organization level including an executive summary of the results.
Vulnerability Management and Patching i) Vendor shall adhere to applicable standards governing the patch management criticality rankings and patching time frame requirements for all systems and applications including, but not limited to, switches, routers, appliances, servers, workstation PC’s, commercial software, and open source software. ii) Vendor shall conduct comprehensive scans for known vulnerabilities on all externally-facing systems no less than one time per month. iii) Vendor shall conduct comprehensive scans for known vulnerabilities on the entire network no less than once per quarter. iv) All critical and high vulnerabilities must be remediated within fifteen (15) days of release unless application requirements preclude such patching. Should such preclusion exist, mitigating controls offering the same level of protection must be implemented within the aforementioned time frame. v) Vendor shall ensure that all urgent, critical, and high patches are implemented in a timely manner. Urgent and critical patches must be implemented within thirty (30) days of release unless application requirements preclude such patching. Should such preclusion exist, mitigating controls offering the same level of protection must be implemented within the aforementioned time frame.
Vulnerability Management and Patching. 6.1. The Contractor shall conduct comprehensive scans for known vulnerabilities on all externally-facing systems not less than annually and should have a process in place for remediating identified vulnerabilities that is in accordance with Industry Standards. 6.2. The Contractor must report to the Studio all security related incidents or issues that may affect the Services and/or any of the Studio’s data as soon as possible upon discovery and recommend possible remedial actions. Notwithstanding anything else in the Agreement, the Studio shall be entitled to disclose details relating to any such incident to regulatory bodies (and/or other third parties) for the purposes of reporting, understanding, mitigating against the implications of, and preventing any recurrence of, the incident.

Related to Vulnerability Management and Patching

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Infrastructure Vulnerability Scanning Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.

  • Virus Management DST shall maintain a malware protection program designed to deter malware infections, detect the presence of malware within DST environment.

  • Configuration Management The Contractor shall maintain a configuration management program, which shall provide for the administrative and functional systems necessary for configuration identification, control, status accounting and reporting, to ensure configuration identity with the UCEU and associated cables produced by the Contractor. The Contractor shall maintain a Contractor approved Configuration Management Plan that complies with ANSI/EIA-649 2011. Notwithstanding ANSI/EIA-649 2011, the Contractor’s configuration management program shall comply with the VLS Configuration Management Plans, TL130-AD-PLN-010-VLS, and shall comply with the following:

  • Quality Management Grantee will: 1. comply with quality management requirements as directed by the System Agency. 2. develop and implement a Quality Management Plan (QMP) that conforms with 25 TAC § 448.504 and make the QMP available to System Agency upon request. The QMP must be developed no later than the end of the first quarter of the Contract term. 3. update and revise the QMP each biennium or sooner, if necessary. ▇▇▇▇▇▇▇’s governing body will review and approve the initial QMP, within the first quarter of the Contract term, and each updated and revised QMP thereafter. The QMP must describe ▇▇▇▇▇▇▇’s methods to measure, assess, and improve - i. Implementation of evidence-based practices, programs and research-based approaches to service delivery; ii. Client/participant satisfaction with the services provided by ▇▇▇▇▇▇▇; iii. Service capacity and access to services; iv. Client/participant continuum of care; and v. Accuracy of data reported to the state. 4. participate in continuous quality improvement (CQI) activities as defined and scheduled by the state including, but not limited to data verification, performing self-reviews; submitting self-review results and supporting documentation for the state’s desk reviews; and participating in the state’s onsite or desk reviews. 5. submit plan of improvement or corrective action plan and supporting documentation as requested by System Agency. 6. participate in and actively pursue CQI activities that support performance and outcomes improvement. 7. respond to consultation recommendations by System Agency, which may include, but are not limited to the following: i. Staff training; ii. Self-monitoring activities guided by System Agency, including use of quality management tools to self-identify compliance issues; and iii. Monitoring of performance reports in the System Agency electronic clinical management system.