Monitoring and Anomaly Detection Sample Clauses

Monitoring and Anomaly Detection. (Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, NIST SP 800-137, E-Government Act of 2002 (P.L. 107-347), and Security Assessment and Authorization (CA) and Risk Assessment (RA) Families, NIST SP 800-53 rev. 4) SSA requires that the EIEPs use an Intrusion Protection System (IPS) or an Intrusion Detection System (IDS). The EIEP must establish and/or maintain continuous monitoring of its network infrastructure and assets to ensure that:
Sample 1Sample 2Sample 3See All (5)
AutoNDA by SimpleDocs
Monitoring and Anomaly Detection. The SWA’s system must include the capability to prevent employees from browsing (i.e. unauthorized access or use of SSA information) SSA records for information not related to an SWA client case (e.g. celebrities, SWA employees, relatives, etc.) If the SWA system design is transaction driven (i.e. employees cannot initiate transactions themselves, rather, the SWA system triggers the transaction to SSA), or if the design includes a “permission module” (i.e. the transaction requesting information from SSA cannot be triggered by an SWA employee unless the SWA system contains a record containing the client’s Social Security Number), then the SWA needs only minimal additional monitoring and anomaly detection. If such designs are used, the SWA only needs to monitor any attempts by their employees to obtain information from SSA for clients not in their client system, or attempts to gain access to SSA data within the SWA system by employees not authorized to have access to such information. If the SWA design does not include either of the security control features described above, then the SWA must develop and implement compensating security controls to prevent their employees from browsing SSA records. These controls must include monitoring and anomaly detection features, either systematic, manual, or a combination thereof. Such features must include the capability to detect anomalies in the volume and/or type of queries requested by individual SWA employees, and systematic or manual procedures for verifying that requests for SSA information are in compliance with valid official business purposes. The SWA system must produce reports providing SWA management and/or supervisors with the capability to appropriately monitor user activity, such as:  User ID exception reports This type of report captures information about users who enter incorrect user ID’s when attempting to gain access to the system or to the transaction that initiates requests for information from SSA, including failed attempts to enter a password.  Inquiry match exception reports This type of report captures information about users who may be initiating transactions for Social Security Numbers that have no client case association within the SWA system.  System error exception reports This type of report captures information about users who may not understand or be following proper procedures for access to SSA information through the ICON system.  Inquiry activity statistical reports This type o...
Sample 1Sample 2Sample 3See All (5)
Monitoring and Anomaly Detection.  SSA recommends that EIEPs use an Intrusion Protection System (IPS) or an Intrusion Detection System (IDS). The EIEP must establish and/or maintain continuous monitoring of its network infrastructure and assets to ensure the following: o The EIEP’s security controls continue to be effective over time o Only authorized individuals, devices, and processes have access to SSA- provided information o The EIEP detects efforts by external and internal entities, devices, or processes to perform unauthorized actions (i.e., data breaches, malicious attacks, access to network assets, software/hardware installations, etc.) as soon as they occur o The necessary parties are immediately alerted to unauthorized actions performed by external and internal entities, devices, or processes o Upon detection of unauthorized actions, measures are immediately initiated to prevent or mitigate associated risk o In the event of a data breach or security incident, the EIEP can efficiently determine and initiate necessary remedial actions o The trends, patterns, or anomalous occurrences and behavior in user or network activity that may be indicative of potential security issues are readily discernible The EIEP’s system must include the capability to prevent employees from unauthorized browsing of SSA records. SSA strongly recommends the use of a transaction-driven permission module design, whereby employees are unable to initiate transactions not associated with the normal business process. If the EIEP uses such a design, they then need anomaly detection to detect and monitor employee’s unauthorized attempts to gain access to SSA-provided information and attempts to obtain information from SSA for clients not in the EIEP’s client system. The EIEP should employ measures to ensure the permission module’s integrity. Users should not be able to create a bogus case and subsequently delete it in such a way that it goes undetected. If the EIEP’s design does not currently use a permission module and is not transaction- driven, until at least one of these security features exists, the EIEP must develop and implement compensating security controls to deter employees from browsing SSA records. These controls must include monitoring and anomaly detection features, either systematic, manual, or a combination thereof. Such features must include the capability to detect anomalies in the volume and/or type of transactions or queries requested or initiated by individuals and include systematic or manu...
Sample 1Sample 2Sample 3See All (4)

Related to Monitoring and Anomaly Detection

  • Program Monitoring and Evaluation (c) The Recipient shall prepare, or cause to be prepared, and furnish to the Association not later than six months after the Closing Date, a report of such scope and in such detail as the Association shall reasonably request, on the execution of the Program, the performance by the Recipient and the Association of their respective obligations under the Legal Agreements and the accomplishment of the purposes of the Financing.”

  • Monitoring and Evaluation a. The AGENCY shall expeditiously provide to the COUNTY upon request, all data needed for the purpose of monitoring, evaluating and/or auditing the program(s). This data shall include, but not be limited to, clients served, services provided, outcomes achieved, information on materials and services delivered, and any other data required, in the sole discretion of the COUNTY, that may be required to adequately monitor and evaluate the services provided under this Contract. Monitoring shall be performed in accordance with COUNTY’S established Noncompliance Standards, a copy of which is attached hereto and incorporated by reference as Attachment “C”.

  • Monitoring and Compliance Every year during the term of this Agreement on the anniversary date of the effective date of the Agreement, the Restaurant shall provide to the United States a narrative report of the actions taken during the reporting period to remove any barriers to access and otherwise enhance accessibility for individuals with disabilities at the Restaurant and any plans for action concerning ADA compliance in the coming year. The report shall include as an exhibit copies of any complaint, whether formal or informal, received during the reporting period alleging that the Restaurant was not being operated in compliance with the ADA or otherwise discriminated against any person on account of disability. The Owner and Operator of the Restaurant shall cooperate in good faith with any and all reasonable requests by the United States for access to the Restaurant and for information and documents concerning the Restaurant's compliance with this Agreement and the ADA. The United States shall have the right to verify compliance with this Agreement and the ADA, both as set forth in this Agreement and through any means available to the general public, including visits to the public areas of the Restaurant and communications with Restaurant staff. The United States shall have the right to inspect the facility at any time, and counsel for the United States need not identify themselves in the course of visits to the public areas.

  • Project Monitoring Reporting and Evaluation The Recipient shall furnish to the Association each Project Report not later than forty-five (45) days after the end of each calendar semester, covering the calendar semester.

  • Evaluation, Testing, and Monitoring 1. The System Agency may review, test, evaluate and monitor Grantee’s Products and services, as well as associated documentation and technical support for compliance with the Accessibility Standards. Review, testing, evaluation and monitoring may be conducted before and after the award of a contract. Testing and monitoring may include user acceptance testing. Neither the review, testing (including acceptance testing), evaluation or monitoring of any Product or service, nor the absence of review, testing, evaluation or monitoring, will result in a waiver of the State’s right to contest the Grantee’s assertion of compliance with the Accessibility Standards.

  • Monitoring and Review 5.1 The Council and the BID Company shall set up the Standard Services Review Panel within 28 days from the date of this Agreement the purpose of which shall be to:

  • Monitoring and Reporting 3.1 The Contractor shall provide workforce monitoring data as detailed in paragraph 3.2 of this Schedule 8. A template for data collected in paragraphs 3.2, 3.3 and 3.4 will be provided by the Authority. Completed templates for the Contractor and each Sub-contractor will be submitted by the Contractor with the Diversity and Equality Delivery Plan within six (6) Months of the Commencement Date and annually thereafter. Contractors are required to provide workforce monitoring data for the workforce involved in delivery of the Contract. Data relating to the wider Contractor workforce and wider Sub-contractors workforce would however be well received by the Authority. Contractors and any Sub-contractors are required to submit percentage figures only in response to paragraphs 3.2(a), 3.2(b) and 3.2(c).

  • COUNTY’S QUALITY ASSURANCE PLAN The County or its agent will evaluate the Contractor’s performance under this Contract on not less than an annual basis. Such evaluation will include assessing the Contractor’s compliance with all Contract terms and conditions and performance standards. Contractor deficiencies which the County determines are severe or continuing and that may place performance of the Contract in jeopardy if not corrected will be reported to the Board of Supervisors. The report will include improvement/corrective action measures taken by the County and the Contractor. If improvement does not occur consistent with the corrective action measures, the County may terminate this Contract or impose other penalties as specified in this Contract.

  • Musculoskeletal Injury Prevention and Control (a) The Hospital in consultation with the Joint Health and Safety Committee (JHSC) shall develop, establish and put into effect, musculoskeletal prevention and control measures, procedures, practices and training for the health and safety of employees.

  • Quality Assurance/Quality Control Contractor shall establish and maintain a quality assurance/quality control program which shall include procedures for continuous control of all construction and comprehensive inspection and testing of all items of Work, including any Work performed by Subcontractors, so as to ensure complete conformance to the Contract with respect to materials, workmanship, construction, finish, functional performance, and identification. The program established by Contractor shall comply with any quality assurance/quality control requirements incorporated in the Contract.

Time is Money Join Law Insider Premium to draft better contracts faster.