System Security Plan Sample Clauses

System Security Plan. The Contractor shall complete the State’s System Security Plan template within ninety (90) Calendar Days after execution of the Contract. After approval by the Department, the Plan shall be updated annually and resubmitted to the Department for review. (Link to DHHS template: xxxxx://xxxxx.xx.xxx/ncdit/documents/files/NC%20DIT%20SSP%20Template.20180112.docx)
Sample 1
AutoNDA by SimpleDocs
System Security Plan. C.8.10.5.1 The contractor shall, upon request, provide to the Government, a system security plan (or extract thereof) and any associated plans of action developed to satisfy the adequate security requirements of DFARS 252.204-7012, and IAW NIST Special Publication (SP) 800- 171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations in effect at the time the solicitation is issued or as authorized by the contracting officer, to describe the contractors unclassified information system(s)/network(s) where covered defense information associated with the execution and performance of this contract is processed, is stored, or transmits. The contractor shall report IAW CDRL A010.
Sample 1
System Security Plan. The Contractor must develop and implement a security plan that provides an overview of the security requirements for the information system. If a security plan does not exist, the Contractor must provide a description of the security controls planned for meeting those requirements. The security plan must be reviewed periodically and revised to address system/organizational changes or problems.
Sample 1
System Security Plan. Servicer shall work with the Department to complete a System Security Plan that is at least in material compliance with the Statewide Information Security Plan: xxxxx://xxx.xxxxxx.xxx/das/OSCIO/Documents/StatewideInformationSecurityPlan.pdf dated August 1, 2018, which may be amended from time to time. A template of a System Security Plan is attached as Appendix D, which shall be used in the development process. The final System Security Plan shall be developed and finalized by Servicer, and approved by the Department, within the first 6-12 months post Agreement execution.
Sample 1
System Security Plan. The Contractor shall develop a Technical Report – Study/Services, POAM and Systems Security Plan (SSP) (CDRL A007) that implements the security requirements of DFARS 252.204-7012. In accordance with DFARS 252.204-7012, the SSP shall implement, at a minimum, all security requirements in NIST 800-171 (Rev. 1) standards 3.1 to 3.14; or ensure that any unimplemented security requirements have been adjudicated by an authorized representative of the DoD CIO to be non-applicable or to have an alternative, but equally effective, security measure in its place. The SSP shall provide proof of such adjudication by DoD CIO. Further, the SSP shall contain a description of the system boundary, the operational environment, how the specific security requirements are currently implemented, and the relationships with or connections to other systems. The POAM shall detail how and when the Contractor will meet all security requirements of SP 800-171 that are not fully implemented except for the requirements noted in the specific bullets below, which must be fully implemented in the SSP. The Contractor shall permit the Government to validate information in the SSP every three years, on an ad hoc basis with no notice to the Contractor, other than to coordinate any necessary security requests, but not more than five business days, or upon replacement or rotation of the Government program manager. The SSP shall:  Fully implement Multi-factor authentication, including authentication and authorization of users in a manner that is auditable  Implement FIPS 140-2 validation encryption at a minimum of Level 1  Employ the principle of least privilege or “need to know”  Require the Contractor to review, in a manner that can be audited, user privileges at least annually  Require monitoring and controlling remote access sessions and includes mechanisms to audit the session and methods
Sample 1

Related to System Security Plan

  • Security Plan The Operator shall develop and execute a security plan that meets the requirements of this Agreement and Article 7. The Operator shall document in the security plan the process used to ensure information systems including hardware, software, applications, and general support systems have effective security safeguards, which have been implemented, planned for, and documented. The Operator shall deliver a copy of the plan to the RIRs after each annual update.

  • Security Program Contractor will develop and implement an effective security program for the Project Site, which program shall require the Contractor and subcontractors to take measures for the protection of their tools, materials, equipment, and structures. As between Contractor and Owner, Contractor shall be solely responsible for security against theft of and damage of all tools and equipment of every kind and nature and used in connection with the Work, regardless of by whom owned.

  • Service Plan 2.1 The Customer shall use the following applicable Service Plan and services during the Term:

  • Emergency Mode Operation Plan Contractor must establish a documented plan to enable continuation of critical business processes and protection of the security of electronic DHCS PHI or PI in the event of an emergency. Emergency means any circumstance or situation that causes normal computer operations to become unavailable for use in performing the work required under this Agreement for more than 24 hours.

  • Information Security Program (1) DTI shall implement and maintain a comprehensive written information security program applicable to the Personal Information ("Information Security Program") which shall include commercially reasonable measures, including, as appropriate, policies and procedures and technical, physical, and administrative safeguards that are consistent with industry standards, providing for (i) the security and confidentiality of the Personal Information, (ii) protection of the Personal Information against reasonably foreseeable threats or hazards to the security or integrity of the Personal Information, (iii) protection against unauthorized access to or use of or loss or theft of the Personal Information, and (iv) appropriate disposal of the Personal Information. Without limiting the generality of the foregoing, the Information Security Program shall provide for (i) continual assessment and re-assessment of the risks to the security of Personal Information acquired or maintained by DTI and its agents, contractors and subcontractors in connection with the Services, including but not limited to (A) identification of internal and external threats that could result in unauthorized disclosure, alteration or destruction of Personal Information and systems used by DTI and its agents, contractors and subcontractors, (B) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of such Personal Information, and (C) assessment of the sufficiency of policies, procedures, information systems of DTI and its agents, contractors and subcontractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks.

  • Safety Plan Developer’s safety plan specifically adapted for the Project. Developer's Safety Plan shall comply with all provisions regarding Project safety, including all applicable provisions in these Construction Provisions.

  • Business Continuity Plan The Warrant Agent shall maintain plans for business continuity, disaster recovery, and backup capabilities and facilities designed to ensure the Warrant Agent’s continued performance of its obligations under this Agreement, including, without limitation, loss of production, loss of systems, loss of equipment, failure of carriers and the failure of the Warrant Agent’s or its supplier’s equipment, computer systems or business systems (“Business Continuity Plan”). Such Business Continuity Plan shall include, but shall not be limited to, testing, accountability and corrective actions designed to be promptly implemented, if necessary. In addition, in the event that the Warrant Agent has knowledge of an incident affecting the integrity or availability of such Business Continuity Plan, then the Warrant Agent shall, as promptly as practicable, but no later than twenty-four (24) hours (or sooner to the extent required by applicable law or regulation) after the Warrant Agent becomes aware of such incident, notify the Company in writing of such incident and provide the Company with updates, as deemed appropriate by the Warrant Agent under the circumstances, with respect to the status of all related remediation efforts in connection with such incident. The Warrant Agent represents that, as of the date of this Agreement, such Business Continuity Plan is active and functioning normally in all material respects.

  • Management Plan The Management Plan is the description and definition of the phasing, sequencing and timing of the major Individual Project activities for design, construction procurement, construction and occupancy as described in the IPPA.

  • Contractor and Employee Security Precautions A. The security aspects of working at the Correctional Facility are critical. The following security precautions are part of the site conditions and are a part of this Contract. All persons coming on the site in any way connected with this Work shall be made aware of them, and it is the (General) Contractor’s responsibility to check and enforce them.

  • Optical Plan (a) The Optical Plan shall provide for reimbursement of eligible expenses for the following:

Time is Money Join Law Insider Premium to draft better contracts faster.