Common use of Information Exchange Security Clause in Contracts

Information Exchange Security. Each organization will maintain the boundary protections to include firewalls, IDS/IPS, and any other perimeter protections required for their respective network as dictated by organization security policies. Both organizations will ensure that (where appropriate) virus and spyware detection and eradication capabilities are used and that adequate system access controls (i.e., NIST 800-53) are in place and maintained on all components connected to the systems. DHS CISA and the shall protect the data in order to maintain confidentiality, integrity, and availability of the data and information systems. In order to connect to the DHS TAXII server, any external organization must be white-listed at the TAXII server firewall; therefore, static IP addresses or ranges are to be used by external organizations. Specific protocols and ports that are needed to support this interconnection are provided in Appendix A: Ports and protocols not specifically defined in Appendix A will be approved by DHS firewall change control procedures.

Information Exchange Security. Each organization will maintain the boundary protections to include firewalls, IDS/IPS, and any other perimeter protections required for their respective network as dictated by organization security policies. Both organizations will ensure that (where appropriate) virus and spyware detection and eradication capabilities are used and that adequate system access controls (i.e., NIST 800-53) are in place and maintained on all components connected to the systems. DHS CISA and the shall protect the data in order to maintain confidentiality, integrity, and availability of the data and information systems. In order to connect to the DHS TAXII server, any external organization must be white-listed at the TAXII server firewall; therefore, static IP addresses or ranges are to be used by external organizations. Specific protocols and ports that are needed to support this interconnection are provided in Appendix Attachment A: Ports and protocols not specifically defined in Appendix Attachment A will be approved by DHS firewall change control procedures.