Cybersecurity controls definition
Cybersecurity controls. Vendor has implemented a cyber security defence strategy in several layers as a protection against unauthorized access. Vendor will utilise one or more of the following if reasonable and appropriate: a. Firewalls; b. Web Application Firewall (WAF); c. Security Monitoring Centre; d. Antivirus software; e. Backup and recovery; f. Penetration testing; g. Intrusion detection; Transmission Controls Vendor shall take reasonable measures to ensure that it is possible to check and establish to which entities the transfer of personal data by means of data transmission facilities is envisaged so personal data cannot be read, copied, modified or removed without authorization during electronic transmission or transport. Data in-transit will be encrypted using industry standard algorithms and certificates e.g HTTPS encryption, secure communication tunnels (VPN), etc. Exceptions may include data in-transit between components of the Vendor solution within a suitably secure environment. E.g Between an application server and database server in a secure data centre. Data at rest is protected through encryption of stored data using industry standard solutions e.g. BitLocker. Input Controls Vendor shall take reasonable measures to provide that it is possible to check and establish whether and by whom personal data has been entered into data processing systems, modified or removed. Vendor shall take reasonable measures to ensure that a. the personal data source is under the control of customer; and b. personal data integrated into Vendor’s systems is managed by a secured\encrypted transfer mechanism from the customer. Data Backup Vendor shall ensure that back-ups are taken on a regular basis, are secured, and encrypted when storing personal data to protect against accidental destruction or loss when hosted by outsourced cloud infrastructure providers. Vendor will on a periodic basis ensure that it is possible to restore access to and availability of personal data in a timely manner in the event of a physical or technical incident. Policies Vendor senior management assess and approve policies, including those related to data privacy, security and acceptable use. Policies are documented and published among all relevant personnel. Employees and contracted third parties are required to comply with policies relevant to their scope of work. New employees receive training on confidentiality obligations, information security, compliance, and data protection. Employees receive regular ...
Examples of Cybersecurity controls in a sentence
Cybersecurity controls: Vendor has implemented a cyber security defense strategy in several layers as a protection against unauthorized access.
The Contractor shall identify and document the applicable Cybersecurity controls of the latest versions of CNSSI 1253 and NIST 800-53, Revision 4 (or current) (Mission Assurance Category III, Sensitive) for the IBDSS Program or other Program/system as called out in the applicable DO.
The Contractor shall use the systems engineering process to incorporate the applicable Cybersecurity controls into the requirements, design, integration, and testing processes.