Remote Access; County Network Clause Samples

Remote Access; County Network. Any remote access by Contractor must be secure and strictly controlled with current industry standards for encryption (e.g., Virtual Private Networks) and strong pass-phrases. For any device Contractor utilizes to remotely connect to County’s network, Contractor shall ensure the remote host device is not connected to any other network while connected to County’s network, with the exception of personal networks that are under Contractor’s complete control or under the complete control of a user or third party authorized in advance by County in writing. Contractor shall not use an open, unencrypted third party provided public WiFi network to remotely connect to County’s network; Equipment used to connect to County’s networks must: (a) utilize antivirus protection software; (b) utilize an updated operating system, firmware, and third party-application patches; and (c) be configured for least privileged access. Should Contractor exceed the scope of remote access necessary to provide the required services under this !greement, as determined in County’s sole discretion, County may suspend Contractor’s access to County’s network immediately without notice; Contractor must utilize, at a minimum, industry standard security measures, as determined in County’s sole discretion, to safeguard County data that resides in or transits through Contractor’s internal network from unauthorized access and disclosure; Contractor shall advise County of any third-party software (e.g., Java, Adobe Reader/Flash, Silverlight) required to be installed by County and all versions supported. Contractor shall ensure that the Software is developed based on industry standards and best practices, including following secure programming techniques and incorporating security throughout the software-development life cycle. Contractor shall ensure the Contractor Software provides for role-based access controls and runs with least privilege access. Contractor shall support electronic delivery of digitally signed upgrades from Contractor’s website. Contractor shall enable auditing by default in software for any privileged access or changes. The Software must not be within three (3) years from Software's end of life date as of the date of this Amendment. Contractor shall regularly provide County with end-of-life-schedules for all applicable Contractor Software. Contractor will support encryption using at a minimum Advanced Encryption Standard 256-bit encryption keys (“!ES-256”) or current industry s...