Security Architecture and Design. (i) a security architecture that reasonably ensures delivery of Security Best Practices;
Security Architecture and Design. Provider represents and warrants that it has established and during the Term it will at all times maintain:
Security Architecture and Design. The Contractor will maintain in-house a certified security specialist that holds one or more of the following certifications:
Security Architecture and Design. The Contractor shall produce a design specification and security architecture that: o The contractor shall implement assurance overlay to achieve such trustworthiness in the information system, information system component, or information system service supporting its critical missions/business functions. o The contractor shall identify critical information system components and functions by performing a criticality analysis for information systems, information system components, or information system services decision points. o The contractor shall ensure design specification and security architecture is consistent with and supportive of the NOAA/NESDIS specified and/or mandated organizational tools. o The contractor shall ensure design specification and security architecture are accurately and completely describes the required security functionality, and the allocation of security controls among physical and logical components. o The contractor shall address RFIMS Plans Of Actions and Milestones (POA&Ms). o Is consistent with and supportive of the high-impact security architecture to demonstrate consistency with the NESDIS enterprise architecture and information security architecture; o Accurately and completely describes the required security functionality, and the allocation of security controls among physical and logical components; and o Expresses how individual security functions, mechanisms, and services work together to provide required high- impact security capabilities and a unified approach to protection. IT Security Applicable Documents Number Document Title Document Location Version Date AD-1 NIST SP 800- xxxx://xxxxxxx.xxxx.xxx/nistpubs/SpecialPublic Final 02/2010 37, Rev. 1, Guide for ations/NIST.SP.800-37r1.pdf Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach Number Document Title Document Location Version Date AD-2 NIST SP 800-60, Rev. 1, Guide for Mapping Types of Information and Information Systems to SecurityCategories. xxxx://xxxx.xxxx.xxx/publications/nistpubs/800- 60-rev1/SP800-60_Vol1-Rev1.pdf Final 08/2008 AD-3 NOAA IT Security Policies, Regulations and Laws xxxxx://xxx.xxx.xxxx.xxx/policies/ Updated 09/2014 AD-4 NIST FIPS199, Standards for Security Categorization ofFederal Information and Information Systems xxxx://xxxx.xxxx.xxx/publications/fips/fips199/ FIPS-PUB-199-final.pdf Final 02/2004 AD-5 NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information System...
Security Architecture and Design. Supplier represents and warrants that it has established and during the Term and any Termination Assistance Period it will at all times maintain: *
Security Architecture and Design. In connection with its Services hereunder, Security Architecture and Design Domain is applied in the following ways:
Security Architecture and Design. Supplier agrees that it has established and during the Term it will maintain: *
Security Architecture and Design. Provider has established and, during the term of the Agreement, will maintain: A security architecture designed to support Industry Standard Security Practices. Documented and enforced technology configuration standards. Processes to encrypt Personal Data, including all backup copies of the same, in transmission and in storage, including storage on any portable media when such media is required to perform the Services, using current industry standard methods (AES 256bit or higher). Processes for regular testing of security systems and processes on an annual basis or more frequently as appropriate. A system of effective firewall(s) and intrusion detection technologies to protect Personal Data. Database and application layer design processes that include data protection requirements to protect Personal Data that is collected, processed, and transmitted through such systems. Procedures to backup critical systems that contain Personal Data no less frequently than weekly.
