Security Framework Clause Samples
A Security Framework clause establishes the standards and requirements for protecting data, systems, and networks within the scope of an agreement. It typically outlines the specific security measures, such as encryption protocols, access controls, and regular security assessments, that parties must implement to safeguard sensitive information. By defining these obligations, the clause ensures that both parties maintain a consistent and adequate level of security, thereby reducing the risk of data breaches and ensuring compliance with relevant regulations.
Security Framework. In addition to your obligations set forth in the Security Schedule, you expressly agree to establish, implement and update, as necessary, security policies, procedures, and systems related to the initiation, processing and storage of ACH Origination entries.
Security Framework. The required security framework is provided for in the SECURE ERDS software. The ERDS software shall use a minimum of 128 bit file and image encryption. Industry standard Secure Sockets Layer (SSL) and user login with password that is encrypted shall be employed. User passwords are controlled by the user and at a minimum changed at 90 day intervals to reduce security exposure.
a) Endpoint Security (Authentication Token)
Security Framework. Security framework uses an ACL architecture similar to Windows NT. An access control entry allows or denies a player or a group access to game capabilities in service resolution. The set of actions for player in a game include sending and receiving messages and accessing service data such as the collection of current players. The security token is a 32bit value in which every bit represents an allowed action. A security token is associated with a player-game or a group-game pair to form an Access Control Entry (ACE). The collection of all ACEs for a game forms the service's Access Control List (ACL).
Security Framework. Encryption will be a minimum 128bit file and image encryption. Secure Socket Layer (SSL) and user loginlpassword will be employed. User passwords are controlled by the Submitter and should be monitoredlor changed periodically to ensure security. Computers on which documents originate must have all critical operating system patches applied, must have a firewall (hardware or software) installed, and must have up to date virus scan software.
Security Framework. We implement internal security controls that align with the NIST Cybersecurity Framework v1.
Security Framework. The required security framework is provided for in the SECURE G2G Portal software. The SECURE G2G Portal software shall use a minimum of 128-bit file and image encryption. Industry standard Secure Sockets Layer (SSL) and user login with password that is encrypted shall be employed. User passwords are controlled by the State Government Agency and at a minimum changed at 90-day intervals to reduce security exposure.
1. ACES will create electronic files containing lien data in an XML format as required by SECURE comprised of an image of the lien notice document and associated index information to include the following data elements: ▪ Taxpayer Legal Business Name ▪ Taxpayer Legal Individual Name ▪ Address ▪ Lien ID ▪ External Code
2. ACES will use the following URLs for uploading files: ▪ For testing: ▇▇▇▇▇://▇▇▇▇▇.▇▇▇.▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇.▇▇▇ ▪ For production: ▇▇▇▇▇://▇▇▇▇▇.▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇.▇▇▇
3. ACES will successfully test all functionality for the exchange of electronic lien filings prior to submitting the initial production file.
4. The XML electronic files sent to SECURE shall not contain PII, including social security numbers, driver’s license numbers and/or date of birth.
5. ACES will notify SECURE of Notice of State Lien form changes impacting the images included in the electronic files prior to including the revised forms in production files.
Security Framework. The required security framework is provided for in the SECURE G2G Portal software. The SECURE G2G Portal software shall use a minimum of 128-bit file and image encryption. Industry standard Secure Sockets Layer (SSL) and user login with password that is encrypted shall be employed. User passwords are controlled by the Government Agency and at a minimum changed at 90-day intervals to reduce security exposure.
a) Endpoint Security (Authentication Token) - Government Agencies will require one token for each agency staff member that will be utilizing the UI. For use of the token to submit documents through the SECURE G2G Portal for recording electronically, please refer to the SECURE G2G Portal User Manual.
Security Framework. The Contractor shall comply with either of the following:
Security Framework. The OHAA system will be hosted on the Amazon Virtual Private Cloud (VPC) through Amazon Web Services (AWS). This solution will provide the logically isolated sections for the various provider offices participating. This architecture will ensure physician’s offices have autonomous control over their data and also supports the data sharing capability with minimal impact to the underlying infrastructure. This significantly reduces both capital and operational expense outlays. Amazon Web Services also maintains compliance to HIPAA privacy and security standards through Federal Risk and Authorization Management Program (FedRAMP) and National Institute of Standards and Technology (NIST) 800-53, a higher security standard that maps to the HIPAA security rule. AWS enables covered entities and their business associates subject to HIPAA to securely process, store, and transmit PHI. The elements that will be part of the security framework are: To gain access to the OHAA system, the user is identified/ authorized through a multi- factor authentication framework; using a combination of their unique Network Id/password and a secure token. Admin safeguards like filling an access form and getting it approved by the security officer is in place. The OHAA system uses the HTTPS protocol to protect the information sent over the network and the Internet. The user connects using a url that is HTTPS secure to access the OHAA system via the internet. With IPSEC-V4/TLS being used the connection between the various points of communication between the systems in the network path is encrypted. VPN adds an additional layer of encryption by protecting all the information being exchanged. File system access controls, implemented via security policies and/or a permissions table, will be in place to ensure that individuals within each state accessing the resources like the file system, documents, images etc. on the servers can be authorized before gaining access. A log is maintained of all the activity of each user that accesses the network/servers. File access controls in place will ensure who gains access to network resources. The firewalls will provide a layer of security starting from the point of entry and throughout the different layers of the system. Based on providing a "Defense in Depth” strategy, the external network and the network perimeter will be monitored using auditing. Penetration testing, vulnerability analysis will be performed routinely to reduce the risk of an attack....
Security Framework. The Kentucky Online Gateway (KOG) provides user provisioning and authorization services. Every component of QHI including MEMS shall invoke KOG services prior to executing a user request from within the MEMS solution. The new MEMS solution shall utilize the KOG solution for user provisioning and authorization services.