{"component": "clause", "props": {"groups": [{"snippet_links": [{"key": "external-networks", "type": "definition", "offset": [119, 136]}, {"key": "external-sources", "type": "definition", "offset": [151, 167]}, {"key": "pass-through", "type": "definition", "offset": [196, 208]}, {"key": "malware-protection", "type": "clause", "offset": [228, 246]}, {"key": "prior-to", "type": "definition", "offset": [247, 255]}, {"key": "production-environment", "type": "definition", "offset": [275, 297]}, {"key": "the-services", "type": "definition", "offset": [314, 326]}], "samples": [{"hash": "9UXmUgxFV8W", "uri": "/contracts/9UXmUgxFV8W#network-segmentation", "label": "Transfer Agency and Shareholder Services Agreement (Laudus Trust)", "score": 32.5701560974, "published": true}, {"hash": "5bSRFDdV1vs", "uri": "/contracts/5bSRFDdV1vs#network-segmentation", "label": "Transfer Agency and Shareholder Services Agreement (Schwab Investments)", "score": 32.4798088074, "published": true}, {"hash": "hy6aBU0swb9", "uri": "/contracts/hy6aBU0swb9#network-segmentation", "label": "Transfer Agency and Shareholder Services Agreement (Touchstone Strategic Trust)", "score": 32.3210144043, "published": true}], "snippet": "BNYM\u2019s infrastructure utilizes a multi-tier architecture, including a DMZ, to isolate the internal infrastructure from external networks. Traffic from external sources will traverse firewalls and pass through multiple layers of malware protection prior to processing. BNYM\u2019s production environment used to provide the Services will be segregated from pre-production regions and BNYM\u2019s internal segment.", "size": 8, "hash": "f821cffdb81f1e5a6f36bdbf5376ae64", "id": 3}, {"snippet_links": [{"key": "bny-mellon", "type": "definition", "offset": [0, 10]}, {"key": "external-networks", "type": "definition", "offset": [125, 142]}, {"key": "external-sources", "type": "definition", "offset": [157, 173]}, {"key": "pass-through", "type": "definition", "offset": [202, 214]}, {"key": "malware-protection", "type": "clause", "offset": [234, 252]}, {"key": "prior-to", "type": "definition", "offset": [253, 261]}, {"key": "production-environment", "type": "definition", "offset": [287, 309]}, {"key": "the-services", "type": "definition", "offset": [326, 338]}], "samples": [{"hash": "6scUQPcyu3", "uri": "/contracts/6scUQPcyu3#network-segmentation", "label": "Sub Administration and Accounting Agreement (KKR Enhanced US Direct Lending Fund-L)", "score": 35.2970581055, "published": true}, {"hash": "3kbcsyuq57p", "uri": "/contracts/3kbcsyuq57p#network-segmentation", "label": "Sub Administration and Accounting Agreement (KKR US Direct Lending Fund-U)", "score": 34.7796020508, "published": true}, {"hash": "9cbW7WmZ0lE", "uri": "/contracts/9cbW7WmZ0lE#network-segmentation", "label": "Custody Agreement (Manulife Private Credit Fund)", "score": 34.7111549377, "published": true}], "snippet": "BNY Mellon\u2019s infrastructure utilizes a multi-tier architecture, including a DMZ, to isolate the internal infrastructure from external networks. Traffic from external sources will traverse firewalls and pass through multiple layers of malware protection prior to processing. BNY Mellon\u2019s production environment used to provide the services will be segregated from pre-production regions and BNY Mellon\u2019s internal segment.", "size": 9, "hash": "6fb6b46361e4503248b25722ebcbfb9d", "id": 2}, {"snippet_links": [{"key": "applicable-to", "type": "clause", "offset": [22, 35]}, {"key": "network-devices", "type": "definition", "offset": [70, 85]}, {"key": "the-network", "type": "definition", "offset": [117, 128]}, {"key": "on-trust", "type": "clause", "offset": [166, 174]}, {"key": "the-information", "type": "clause", "offset": [185, 200]}, {"key": "to-provide", "type": "clause", "offset": [221, 231]}, {"key": "system-access", "type": "definition", "offset": [257, 270]}, {"key": "information-flows", "type": "clause", "offset": [323, 340]}, {"key": "mobile-devices", "type": "definition", "offset": [517, 531]}, {"key": "bring-your-own-device", "type": "definition", "offset": [640, 661]}, {"key": "network-infrastructure", "type": "definition", "offset": [711, 733]}, {"key": "network-connections", "type": "definition", "offset": [758, 777]}, {"key": "separated-from", "type": "definition", "offset": [787, 801]}, {"key": "business-use", "type": "clause", "offset": [806, 818]}, {"key": "for-management", "type": "clause", "offset": [922, 936]}], "samples": [{"hash": "lCt47oxUe5k", "uri": "/contracts/lCt47oxUe5k#network-segmentation", "label": "Contract for the Provision of Bridge Program Child Care Navigator, Trauma Informed Training and Coaching, and Emergency Child Care Voucher Services", "score": 36.1309673309, "published": true}, {"hash": "JgBBD0Cp6N", "uri": "/contracts/JgBBD0Cp6N#network-segmentation", "label": "Contract", "score": 36.0235557556, "published": true}, {"hash": "3gud4zThP9X", "uri": "/contracts/3gud4zThP9X#network-segmentation", "label": "Contract for the Provision of Integrated Job Services", "score": 35.8968925476, "published": true}], "snippet": "NOTE: This section is applicable to Departments that manage their own network devices.\n2.2.2.1 Segment (e.g., VLANs) the network into multiple, separate zones (based on trust levels of the information stored/transmitted) to provide more granular control of system access and additional intranet boundary defenses. Whenever information flows over a network of lower trust level, the information shall be encrypted.\n2.2.2.2 Segment the network into multiple, separate zones based on the devices (servers, workstations, mobile devices, printers, etc.) connected to the network.\n2.2.2.3 Create separate network segments (e.g., VLANs) for BYOD (bring your own device) systems or other untrusted devices.\n2.2.2.4 The network infrastructure shall be managed across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.", "size": 11, "hash": "942a9a3eafd8330a73bf9aa36930775d", "id": 1}, {"snippet_links": [{"key": "establish-and-maintain", "type": "clause", "offset": [16, 38]}, {"key": "appropriate-network", "type": "definition", "offset": [39, 58]}, {"key": "local-area-networks", "type": "definition", "offset": [102, 121]}, {"key": "where-appropriate", "type": "definition", "offset": [130, 147]}, {"key": "access-to-systems", "type": "clause", "offset": [169, 186]}, {"key": "customer-data", "type": "definition", "offset": [195, 208]}, {"key": "public-networks", "type": "definition", "offset": [253, 268]}, {"key": "internal-network", "type": "definition", "offset": [287, 303]}, {"key": "or-equivalent", "type": "definition", "offset": [314, 327]}, {"key": "direct-connections", "type": "clause", "offset": [355, 373]}], "samples": [{"hash": "7ZiSf7jXs9V", "uri": "/contracts/7ZiSf7jXs9V#network-segmentation", "label": "Master Services Agreement", "score": 26.4277896881, "published": true}, {"hash": "dAs1J7snDG0", "uri": "/contracts/dAs1J7snDG0#network-segmentation", "label": "Master Services Agreement", "score": 26.3634490967, "published": true}, {"hash": "bAMHCXdNuo6", "uri": "/contracts/bAMHCXdNuo6#network-segmentation", "label": "Master Services Agreement", "score": 25.7953453064, "published": true}], "snippet": "Convercent will establish and maintain appropriate network segmentation, including the use of virtual local area networks (VLANS) where appropriate, to restrict network access to systems storing Customer Data. Convercent will proxy all connections from public networks into Convercent's internal network using DMZ or equivalent. Convercent will not allow direct connections from public networks into any network segment storing Customer Data.", "size": 7, "hash": "0d25f586839dec8ed7e0b91f09dfb027", "id": 4}, {"snippet_links": [{"key": "hosting-facilities", "type": "clause", "offset": [92, 110]}, {"key": "for-services", "type": "clause", "offset": [111, 123]}, {"key": "to-development", "type": "clause", "offset": [179, 193]}, {"key": "authorized-devices", "type": "definition", "offset": [266, 284]}, {"key": "network-segregation", "type": "clause", "offset": [331, 350]}, {"key": "request-and-approval-process", "type": "clause", "offset": [387, 415]}], "samples": [{"hash": "g8sFOOzxIdC", "uri": "/contracts/g8sFOOzxIdC#network-segmentation", "label": "Master Services Agreement", "score": 33.3646888733, "published": true}, {"hash": "5jYyO7U67ZC", "uri": "/contracts/5jYyO7U67ZC#network-segmentation", "label": "Master Services Agreement", "score": 33.1038627625, "published": true}], "snippet": "RingCentral\ni) Implements network segmentation between the corporate enterprise network and hosting facilities for Services.\nii) Ensures separation between environments dedicated to development, staging, and production.\niii) Restricts access between environments to authorized devices.\niv) Controls configuration and management of network segregation and firewall rules through a formal request and approval process.", "size": 2, "hash": "53ad5bae583906c863266c8350c2570b", "id": 5}, {"snippet_links": [{"key": "establish-and-maintain", "type": "clause", "offset": [19, 41]}, {"key": "appropriate-network", "type": "definition", "offset": [42, 61]}, {"key": "local-area-networks", "type": "definition", "offset": [105, 124]}, {"key": "where-appropriate", "type": "definition", "offset": [133, 150]}, {"key": "access-to-systems", "type": "clause", "offset": [172, 189]}, {"key": "subscriber-data", "type": "definition", "offset": [198, 213]}], "samples": [{"hash": "1tvFaybuYnP", "uri": "/contracts/1tvFaybuYnP#network-segmentation", "label": "Software as a Service Agreement", "score": 26.7837104797, "published": true}, {"hash": "8xPSQDuJc9T", "uri": "/contracts/8xPSQDuJc9T#network-segmentation", "label": "Software as a Service Agreement", "score": 26.7303218842, "published": true}], "snippet": "Market Logic shall establish and maintain appropriate network segmentation, including the use of virtual local area networks (VLANS) where appropriate, to restrict network access to systems storing Subscriber Data.", "size": 2, "hash": "975a35feca6d2011b2987d0e13712dfa", "id": 6}, {"snippet_links": [{"key": "establish-and-maintain", "type": "clause", "offset": [10, 32]}, {"key": "appropriate-network", "type": "definition", "offset": [33, 52]}, {"key": "local-area-networks", "type": "definition", "offset": [96, 115]}, {"key": "where-appropriate", "type": "definition", "offset": [124, 141]}, {"key": "access-to-systems", "type": "clause", "offset": [163, 180]}, {"key": "public-networks", "type": "definition", "offset": [236, 251]}, {"key": "internal-network", "type": "definition", "offset": [266, 282]}, {"key": "or-equivalent", "type": "definition", "offset": [293, 306]}, {"key": "direct-connections", "type": "clause", "offset": [327, 345]}], "samples": [{"hash": "dJXmwvWQ2br", "uri": "/contracts/dJXmwvWQ2br#network-segmentation", "label": "Terms of Use and Api License Agreement", "score": 26.2799453735, "published": true}], "snippet": "You shall establish and maintain appropriate network segmentation, including the use of virtual local area networks (VLANS) where appropriate, to restrict network access to systems storing eBay Data. You will proxy all connections from public networks into the your internal network using DMZ or equivalent. You will not allow direct connections from public networks into any network segment storing eBay Data.", "size": 2, "hash": "af7e2f608de352242b8c92bbb154475c", "id": 7}, {"snippet_links": [{"key": "the-trustee", "type": "clause", "offset": [0, 11]}, {"key": "external-networks", "type": "definition", "offset": [126, 143]}, {"key": "external-sources", "type": "definition", "offset": [158, 174]}, {"key": "pass-through", "type": "definition", "offset": [203, 215]}, {"key": "malware-protection", "type": "clause", "offset": [235, 253]}, {"key": "prior-to", "type": "definition", "offset": [254, 262]}, {"key": "production-environment", "type": "definition", "offset": [289, 311]}, {"key": "the-services", "type": "definition", "offset": [328, 340]}], "samples": [{"hash": "7u2tj25NM3T", "uri": "/contracts/7u2tj25NM3T#network-segmentation", "label": "Rabbi Trust Agreement (Tampa Electric Co)", "score": 31.1300487518, "published": true}], "snippet": "The Trustee\u2019s infrastructure utilizes a multi-tier architecture, including a DMZ, to isolate the internal infrastructure from external networks. Traffic from external sources will traverse firewalls and pass through multiple layers of malware protection prior to processing. The Trustee\u2019s production environment used to provide the Services will be segregated from pre-production regions and the Trustee\u2019s internal segment.", "size": 1, "hash": "e94ed6ab051618876ab3460dbafaa68b", "id": 8}, {"snippet_links": [{"key": "personal-data", "type": "definition", "offset": [45, 58]}, {"key": "the-internet", "type": "clause", "offset": [82, 94]}, {"key": "actively-managed", "type": "definition", "offset": [98, 114]}, {"key": "network-access-controls", "type": "clause", "offset": [115, 138]}, {"key": "minimum-required", "type": "definition", "offset": [173, 189]}, {"key": "operation-of", "type": "definition", "offset": [201, 213]}, {"key": "other-data", "type": "clause", "offset": [306, 316]}], "samples": [{"hash": "a7qgiUcw1jK", "uri": "/contracts/a7qgiUcw1jK#network-segmentation", "label": "Master Services Agreement (Athena Bitcoin Global)", "score": 36.1129379272, "published": true}], "snippet": "Company's systems that host Republic Data or Personal Data will be segmented from the Internet by actively managed network access controls that will restrict traffic to the minimum required for proper operation of those systems. Company's systems will also segment the Republic Data and Personal Data from other data, either via separate systems or logical segmentation.", "size": 1, "hash": "7a47b306de86da7aefa435a5c37454f0", "id": 9}, {"snippet_links": [{"key": "confidential-information", "type": "definition", "offset": [54, 78]}, {"key": "institution-data", "type": "definition", "offset": [82, 98]}, {"key": "the-internet", "type": "clause", "offset": [209, 221]}], "samples": [{"hash": "gAJnWDKwDOu", "uri": "/contracts/gAJnWDKwDOu#network-segmentation", "label": "Service Agreement", "score": 35.4606941048, "published": true}], "snippet": "Jamworks shall segment production networks containing Confidential Information or Institution Data from any externally facing or development networks and shall prevent direct, unauthorised connections between the Internet and such segmented environments.", "size": 1, "hash": "981ebef893db2c760131b8d82089453b", "id": 10}], "next_curs": "Cl0SV2oVc35sYXdpbnNpZGVyY29udHJhY3RzcjkLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2Ih1uZXR3b3JrLXNlZ21lbnRhdGlvbiMwMDAwMDAwYQyiAQJlbhgAIAA=", "clause": {"parents": [["network-and-communications-security", "Network and Communications Security"], ["control-management-policy-statements", "Control Management Policy Statements"], ["miscellaneous", "Miscellaneous"], ["logical-security", "Logical Security"], ["telecommunication-and-network-security", "Telecommunication and Network Security"]], "title": "Network Segmentation", "size": 46, "children": [], "id": "network-segmentation", "related": [["interface", "Interface", "Interface"], ["network-access", "Network Access", "Network Access"], ["network-services", "Network Services", "Network Services"], ["network-upgrades", "Network Upgrades", "Network Upgrades"], ["functionality", "Functionality", "Functionality"]], "related_snippets": [], "updated": "2025-07-10T05:58:13+00:00"}, "json": true, "cursor": ""}}