Network Security Controls Clause Samples
The Network Security Controls clause establishes requirements for implementing and maintaining safeguards to protect a network and its data from unauthorized access, breaches, or cyber threats. Typically, this clause mandates the use of firewalls, encryption, intrusion detection systems, and regular security assessments to ensure the integrity and confidentiality of information transmitted or stored on the network. Its core function is to mitigate the risk of data breaches and cyberattacks, thereby ensuring the security and reliability of networked systems.
Network Security Controls. Data Importer's information systems have security controls designed to detect and mitigate attacks by using logs and alerting.
Network Security Controls. Provider’s information systems have security controls designed to detect and mitigate attacks by using logs and alerting.
Network Security Controls. Smartnova’s information systems have security controls designed to detect and mitigate attacks by using logs and alerting;
Network Security Controls. 81 7. DEFINITIONS..................................................................... 81 Page 71 of 163 EXHIBIT 10.23
Network Security Controls. 10.1. Vendor shall protect Confidential Information in its networks against unauthorized access or modification, by using, network security devices, such as firewalls and intrusion detection and prevention systems, at critical junctures of Vendor’s IT infrastructure to protect the network perimeters.
10.2. Vendor shall use up-to-date versions of system security software including firewalls, proxies, web application firewalls and interfaces. Additionally, Vendor shall implement and maintain up-to-date antivirus software, malware protection, security updates, patches, and virus definitions consistent with industry recognized standards. Such software shall be installed and running to scan for and promptly remove viruses on all endpoints, servers and networks.
10.3. Vendor shall maintain a patch management process that requires that patches are tested before installation on all systems that Process Confidential Information or are used to deliver services to Entrust.
10.4. Vendor shall ensure that system administrators maintain complete, accurate, and up-to-date information regarding the configuration of all systems that handle Confidential Information.
10.5. Vendor shall maintain controls to ensure the timely identification of vulnerabilities in Vendor’s information systems, including intrusion detection and/or prevention and monitoring and response processes, which identify both internal and external vulnerabilities and risks. At least monthly, Vendor shall scan its information systems with industry-standard security vulnerability scanning software to detect security vulnerabilities. Vendor shall classify detected vulnerabilities according to CVSS and shall remediate any such vulnerabilities within commercially reasonable timeframes commensurate with the risk or severity rating.
10.6. Vendor shall subscribe to vulnerability intelligence services that provide current information about technology and security vulnerabilities.
10.7. Vendor shall refrain from storing Confidential Information on media connected to external networks unless necessary for business purposes.
10.8. Vendor shall log network and remote access attempts and maintain those logs for a minimum of six (6) months.