System Security Controls Clause Samples

The System Security Controls clause establishes the requirements and standards for protecting information systems against unauthorized access, breaches, or other security threats. Typically, this clause outlines the specific technical and organizational measures that must be implemented, such as firewalls, encryption, regular security audits, and access controls. Its core practical function is to ensure that both parties maintain a secure environment for sensitive data, thereby reducing the risk of data breaches and ensuring compliance with relevant security regulations.
System Security Controls. In order to comply with the following system security controls, the Contractor agrees to:
J. Ensure that all Contractor systems containing Medi-Cal PII provide an automatic timeout after no more than 20 minutes of inactivity.
K. Ensure that all Contractor systems containing Medi-Cal PII display a warning banner stating that data is confidential, systems are logged, and system use is for business purposes only. User shall be directed to log off the system if they do not agree with these requirements.
L. Ensure that all Contractor systems containing Medi-Cal PII log successes and failures of user authentication and authorizations granted. The system shall log all data changes and system accesses conducted by all users (including all levels of users, system administrators, developers, and auditors). The system shall have the capability to record data access for specified users when requested by authorized management personnel. A log of all system changes shall be maintained and be available for review by authorized management personnel.
M. Ensure that all Contractor systems containing Medi-Cal PII use role based access controls for all user authentication, enforcing the principle of least privilege.
N. Ensure that all Contractor data transmissions over networks outside of the Contractor’s control are encrypted end-to-end using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI, when transmitting Medi-Cal PII. The Contractor shall encrypt Medi-Cal PII at the minimum of 128 bit AES or 3DES (Triple DES) if AES is unavailable.
O. Ensure that all Contractor systems that are accessible via the Internet or store Medi-Cal PII actively use either a comprehensive third-party real-time host based intrusion detection and prevention program or be protected at the perimeter by a network based IDS/IPS solution.
System Security Controls. In order to comply with the following system security controls, the Contractor agrees to:
A. Ensure that all Contractor systems containing Medi-Cal PII provide an automatic timeout after no more than 20 minutes of inactivity.
B. Ensure that all Contractor systems containing Medi-Cal PII display a warning banner stating that data is confidential, systems are logged, and system use is for business purposes only. User shall be directed to log off the system if they do not agree with these requirements.
C. Ensure that all Contractor systems containing Medi-Cal PII log successes and failures of user authentication and authorizations granted. The system shall log all data changes and system accesses conducted by all users (including all levels of users, system administrators, developers, and auditors). The system shall have the capability to record data access for specified users when requested by authorized management personnel. A log of all system changes shall be maintained and be available for review by authorized management personnel.
D. Ensure that all Contractor systems containing Medi-Cal PII use role based access controls for all user authentication, enforcing the principle of least privilege.
E. Ensure that all Contractor data transmissions over networks outside of the Contractor’s control are encrypted end-to-end using a vendor product that is recognized as an industry leader in meeting the needs for the intended solution, such as products specified on the CSSI, when transmitting Medi-Cal PII. The Contractor shall encrypt Medi-Cal PII at the minimum of 128 bit AES or 3DES (Triple DES) if AES is unavailable.
System Security Controls. ▇▇▇▇▇▇▇▇▇▇ agrees to:
A. Provide an automatic timeout after no more than 20 minutes of inactivity.
B. Display a warning banner stating that data is confidential, systems are logged, and system use is for business purposes only. User shall be directed to log off the system if they do not agree with these requirements.
System Security Controls.
A. System Timeout. The system must provide an automatic timeout after no more than 20 minutes of inactivity.

Related to System Security Controls

  • Security Controls. Annually, upon Fund’s reasonable request, DST shall provide Fund’s Chief Information Security Officer or his or her designee with a summary of its corporate information security policy and an opportunity to discuss DST’s information security measures, and a high level and non-confidential summary of any penetration testing related to the provision of in-scope services. DST shall review its Security Policy annually.

  • Technical Security Controls. a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which is 128-bit or higher, such as AES. The encryption solution must be full disk unless approved by the COUNTY.

  • System Security.
    (a) If any party hereto is given access to the other party’s computer systems or software (collectively, the “Systems”) in connection with the Services, the party given access (the “Availed Party”) shall comply with all of the other party’s system security policies, procedures and requirements that have been provided to the Availed Party in advance and in writing (collectively, “Security Regulations”), and shall not tamper with, compromise or circumvent any security or audit measures employed by such other party. The Availed Party shall access and use only those Systems of the other party for which it has been granted the right to access and use.
    (b) Each party hereto shall use commercially reasonable efforts to ensure that only those of its personnel who are specifically authorized to have access to the Systems of the other party gain such access, and use commercially reasonable efforts to prevent unauthorized access, use, destruction, alteration or loss of information contained therein, including notifying its personnel of the restrictions set forth in this Agreement and of the Security Regulations.
    (c) If, at any time, the Availed Party determines that any of its personnel has sought to circumvent, or has circumvented, the Security Regulations, that any unauthorized Availed Party personnel has accessed the Systems, or that any of its personnel has engaged in activities that may lead to the unauthorized access, use, destruction, alteration or loss of data, information or software of the other party hereto, the Availed Party shall promptly terminate any such person’s access to the Systems and immediately notify the other party hereto. In addition, such other party hereto shall have the right to deny personnel of the Availed Party access to its Systems upon notice to the Availed Party in the event that the other party hereto reasonably believes that such personnel have engaged in any of the activities set forth above in this Section 9.2(c) or otherwise pose a security concern. The Availed Party shall use commercially reasonable efforts to cooperate with the other party hereto in investigating any apparent unauthorized access to such other party’s Systems.

  • Security Controls for State Agency Data. In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency’s risk under the Contract based on the sensitivity of System Agency’s data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract.