PII. Without limiting, and in addition to, Article 2, this Article, and Attachment 7, Vendor shall ensure that: (i) PII shall be protected in accordance with all Laws and USAC requirements, including, without limitation, relevant: (a) OMB Memorandum M-17-12; (b) guidance from the NIST including without limitation the most current revision of NIST SP 800-53 Rev. 5; and (c) FCC requirements or the most current replacement of the above; (ii) to the extent that cloud-based Services are to be employed by Vendor and interact with USAC data, Vendor shall provide documentation and proof of FedRAMP-Authorization to demonstrate compliance and such Services shall be certified by FedRAMP for use at a moderate risk by the time the cloud-based Services are implemented (USAC reserves the right to inspect the Authority to Operate or the complete package of documents for those with agency accreditation); and (iii) all Cybersecurity Incidents or Privacy Incidents resulting in any interruption to system services including the disclosure of PII, shall be tracked in accordance with NIST SP 800-53 Rev. 5, NIST SP 800-61, and OMB Memorandum M-17-12.
Appears in 2 contracts
Samples: Master Services Agreement, Master Services Agreement
PII. Without limiting, and in addition to, Article 215, this Article, and Attachment 7, Vendor shall ensure that: (i) PII shall be protected in accordance with all Laws and USAC requirements, including, without limitation, relevant: (a) OMB Memorandum M-17-12; (b) guidance from the NIST including without limitation the most current revision of NIST SP 800-53 Rev. 5; and (c) FCC requirements or the most current replacement of the above; (ii) to the extent that cloud-based Services are to be employed by Vendor and interact with USAC data, Vendor shall provide documentation and proof of FedRAMP-Authorization to demonstrate compliance and such Services shall be certified by FedRAMP for use at a moderate risk by the time the cloud-based Services are implemented (USAC reserves the right to inspect the Authority to Operate notice for Services certified by the FedRAMP Joint Accreditation Board or the complete package of documents for those with agency accreditation); and (iii) all Cybersecurity Incidents or Privacy Incidents security-related incidents resulting in any interruption to system services including the disclosure of PII, shall be tracked in accordance with NIST SP 800-53 Rev. 5, NIST SP 800-61, and OMB Memorandum M-17-12.
Appears in 1 contract
Samples: Master Services Agreement
PII. Without limiting, and in addition to, Article 215, this Article, and Attachment 7Schedule 9, Vendor shall ensure that: (i) PII shall be protected in accordance with all Laws and USAC requirements, including, without limitation, relevant: (a) OMB Memorandum M-17-12; (b) guidance from the NIST including without limitation the most current revision of NIST SP 800-53 Rev. 5; and (c) FCC requirements or the most current replacement of the above; (ii) to the extent that cloud-based Services are to be employed by Vendor and interact with USAC data, Vendor shall provide documentation and proof of FedRAMP-Authorization Authorized Designation to demonstrate compliance and such Services shall be certified by FedRAMP for use at a moderate risk by the time the cloud-based Services are implemented (USAC reserves the right to inspect the Authority to Operate notice for Services certified by the FedRAMP Joint Accreditation Board or the complete package of documents for those with agency accreditation); and (iii) all Cybersecurity Incidents or Privacy Incidents security-related incidents resulting in any interruption to system services including the disclosure of PII, shall be tracked in accordance with NIST SP 800-53 Rev. 5, NIST SP 800-61, and OMB Memorandum M-17-12.
Appears in 1 contract
Samples: Master Services Agreement
