ACI will Sample Clauses
ACI will. (1) assist Vendor in documenting the security controls ACI has in place as of the Effective Date;
(2) provide contact, security policies and IT infrastructure information and any updates as they occur;
(3) assist Vendor in developing the Information Security Controls Document;
(4) review the threat identification summary and take action, as appropriate; and
(5) on a periodic basis, review the Information Security Controls Document with Vendor and provide recommended updates, as appropriate. Interim changes can be accepted but a formal review and update will be performed only every 18 months.
ACI will. (1) provide a list of devices and other required information (i.e., platform, software revision and version, IP addresses, log retention period per device) for which events and logs will be collected;
(2) update access control lists (ACLs) and firewall rules required for identified devices to communicate with Vendor; and
(3) install universal log agent on data sources, as applicable.
ACI will provide and manage physical security controls at the ACI Facilities;
ACI will. (1) assist Vendor in performing a baseline inventory of access IDs for the systems for which Vendor has security responsibility;
(2) authorize and manage non-privileged User IDs and passwords for ACI personnel for the operating systems, software tools and network infrastructure systems and devices under Vendor management;
(3) revalidate ACI privileged User IDs; and
(4) approve non-expiring passwords and policy exception requests, as appropriate.