Common use of Network Security Services Clause in Contracts

Network Security Services. a. A [ * ] MPLS closed network used for internal purposes will satisfy current requirements. In addition, the non-MPLS network (solution includes provisioning and support of both MPLS and non-MPLS circuits) which includes encryption in the firewall (a supported piece of Equipment) also satisfies current requirements. The Vendor’s responsibilities include the following: 1. Implement and maintain security tools, procedures, and systems required to protect the integrity, confidentiality, and availability of the ACI Data Network and data on the Data Network; 1.1. ACI will approve the selection of the security tools; 2. Comply with ACI’s Data Network security policies (described in Schedule J (ACI Policies and Standards), whereby the Vendor will follow the best practices of either ACI or Vendor, whichever requires greater security based on reasonable and prudent standard practices, with approval by ACI; 3. Perform quarterly assessments of risk exposure including: 3.1. Gap analyses to indicate exposure to security threats; Confidential Exhibit A-7—Data Network Services 3.2. Action plans to address gaps; and 3.3. Ratings to gauge progress against closure of gaps; 4. Provide access to and/or assist ACI’s designated third-party vendors in performing vulnerability assessments (of the Vendor support network infrastructure) [ * ] from ACI; 5. Perform reactive security assessments and Incident and problem determination in accordance with ACI network security policies; 6. Activate appropriate security monitoring tools, and back up and analyze the logs from these tools, in accordance with ACI security requirements; 7. Provide recommendations to remediate the gaps identified by analyzing the logs;