Identity and Access Management Sample Clauses
The Identity and Access Management clause establishes the rules and procedures for controlling who can access specific systems, data, or resources within an organization. It typically outlines requirements for user authentication, authorization levels, and the processes for granting, modifying, or revoking access rights. By defining these controls, the clause helps protect sensitive information, ensures only authorized personnel can perform certain actions, and reduces the risk of unauthorized access or data breaches.
Identity and Access Management. Management of accounts, including accounts with privileged access, must prevent unauthorized access and mitigate the impacts thereof.
Identity and Access Management. Identity and Access Management are Services available via their respective MindSphere APIs. These Services are used to manage users, customers/subtenants, roles and scopes. A tenant is a representation of a real-world organization. It covers properties such as users, data, assets, entities and others. A subtenant is a certain limited resource of a tenant representing a subpart of your own real-world organization. In a MindAccess Developer Plan, a subtenant can also represent the real-world organization of a third party that you permit to test Applications for such third parties’ end use. A subtenant is also used to assign Applications and provide access to Applications.
Identity and Access Management. The Solution shall provide capabilities such as user authentication, password policy management, two factor authentication, single sign-on, and role-based access.
Identity and Access Management. The Accessing Party will permit access to the other party’s Confidential Information, and, if applicable, its Systems, solely on a need-to-know basis, and the Accessing Party will review such access on an ongoing basis. The Accessing Party will implement identity and access management of all account credentials including but not limited to: segregated accounts and credentials for each unique user, strict management of administrative accounts, and password best practices, strong passwords, removal of default passwords, and secure password storage. The Accessing Party will remove access of all Personnel who no longer require access to the other party’s Systems in accordance with the Accessing Party’s policies including immediate termination on involuntary separation.
Identity and Access Management. Provider implements access standards designed to authenticate users, permit authorized access to Data, maintain segregation of duties, and revoke access as part of employee termination or transition.
Identity and Access Management. DSHS will authorize, and will issue, any necessary information access mechanisms, including access identities (IDs) and passwords, and the Contractor agrees that the personnel to whom they are issued will use the same mechanisms. The Contractor will provide these personnel only with the minimum level of access necessary to perform the tasks and functions for which they are responsible. The Contractor will provide DSHS with an updated list of those Contractor personnel who have access to DSHS's and/or its Affiliates' systems, software and data, and the level of such access. The Contractor will provide this list at the request of DSHS or at least quarterly in the absence of any request from DSHS.
Identity and Access Management.
a. Xxxxx personnel are assigned unique usernames and are required to use strong passwords for access to Pendo’s systems. Shared accounts are not allowed unless required for specific use cases that have been authorized by the CISO.
b. Wherever technically feasible, two-factor authentication is used to access Pendo’s system and applications.
c. System access rights are granted or modified on a business-need basis depending on the user's job role and/or specific management request.
d. Xxxxx performs reviews of privileged and regular user access to production critical systems on a quarterly basis to determine access appropriateness.
e. Access controls are in place to restrict access to modify production data, other than routine transaction processing.
Identity and Access Management.
2.4.1. Use Identity and access management that includes:
a. Enforcement of the rule of least privilege by requiring application, database, network, and system administrators to restrict access of all users to only the commands, In-Scope Information, and Information Resources necessary for them to perform authorized functions.
b. Controls that are in-place to limit, protect, monitor, detect and respond to all Administrative User activities. Examples of such controls that must be enforced include:
i. Separation of duties;
ii. Individual accountability; and
iii. Authorization and approval.
2.4.2. Restrict access to security logs to authorized individuals and protect security logs from unauthorized modification.
2.4.3. Assign unique UserIDs to authorized individual users, Administrative Users, and Service Accounts. Assign individual ownership to Service Accounts. If Service Accounts are shared among users, individual accountability must be maintained at all times.
2.4.4. Maintain a documented UserID lifecycle change management policy for all Information Resources across all environments that includes:
a. Manual and/or automated processes for approved account creation and/or modification;
b. Account disabling within three (3) business days of user termination or the occurrence of any other condition rendering the account as no longer needed, followed by removal of the account within ninety (90) days;
c. Disabling and/or removing inactive accounts assigned to individuals after no more than ninety (90) days of inactivity except in cases where the account is assigned to a customer of AT&T or used by a current or retired employee of AT&T to process their own information; and
d. Initiating processes to review, no less than annually, access privileges and account validity for all users including Administrative Users.
2.4.5. Limit failed login attempts to no more than six (6) consecutive attempts by locking the user account. Access to the user account can be reactivated through the use of a manual process requiring verification of the user’s identity or, where such capability exists, can be automatically reactivated after at least three (3) minutes from the last failed login attempt.
2.4.6. Terminate interactive sessions on an end user’s device, or activate a secure, locking screensaver requiring authentication, after a period of inactivity not to exceed fifteen (15) minutes. On all other Information Resources terminate inactive interactive sessions after a period not...
Identity and Access Management. Each Party shall have suitable identification and authentication controls for information systems that process classified information subject to this Memorandum of Understanding.
Identity and Access Management.
● The solution must be in compliance with the CPS Security and Access Control policies (xxxxx://xxx.xxx/AcceptableUsePolicy/Pages/platformGuidelines.aspx, xxxxx://xxxxxx.xxx.xxx/download.aspx?ID=77)
● Ensure that any consumer, including a 3rd party vendor's employees or subcontractor to whom access is granted, agrees to the same restrictions, standards, and conditions that apply through the contract with CPS, and that access to CPS data is approved by CPS.
● Ensure that any consumer, including a subcontractor, employee, or another 3rd party to whom access to data and/or information systems, agrees to implement reasonable and appropriate safeguards to ensure the confidentiality, integrity, and availability of the data and information systems.
● Maintain access controls and security policies and incident plans that comply with NIST, ISO / IEC 27001, and current CPS security policies.
● Report to the CIO or the Information Security Director of CPS within 24 hours of discovery of any security incidents that impact CPS.
● Maintain audit events according to policy and provide this information to CPS upon request. These audit logs must be kept according to CPS’s records retention policy for student records.
● Develop and implement policies and procedures regarding the use of information systems that describe how users are to protect against intrusion, tampering, viruses, etc.
● Authentication mechanism and integration with Active Directory. Should support user account and password requirements and is compatible with the latest version of XXXX protocol / Rapid ID, or other CPS approved SSO service platforms (XXXX, OAuth, OpenID Connect, WS-Federation, CAS)
Disentanglement. Vendor will work with CPS to establish a Disentanglement Plan (DP) for the end of the contract term, as a deliverable, which should include the transfer of all CPS-generated information and deleting all CPS information from the system after CPS receives and validates the data. The provider shall not assume any liberty to use aggregate or scrambled CPS data without written permission. During the contract (Data Lifecycle Plan) term, the vendor shall delete the Board’s data when no longer necessary to provide the services outlined in the agreement. This would include working or backup copies of CPS data, data used in Development or Staging environments, or data from previous school years that are no longer required for the vendor to provide services. (Education Logistics, Inc.) Edulog must provide ...