Systems Security Requirements Sample Clauses

Systems Security Requirements. 5.1 Overview  SSA must certify that the EIEP has implemented controls that meet the requirements and work as intended, before we will authorize initiating transactions to and from SSA through batch data exchange processes or online processes such as State Online Query (SOLQ) or Internet SOLQ (SOLQ-I). The Technical Systems Security Requirements (TSSRs) address management, operational, and technical aspects of security safeguards to ensure only the authorized disclosure and use of SSA-provided information by SSA’s EIEPs. SSA recommends that the EIEP develop and publish a comprehensive Systems Security Policy document that specifically addresses:  the classification of information processed and stored within the network,  administrative controls to protect the information stored and processed within the network,  access to the various systems and subsystems within the network,  Security Awareness Training,  Employee Sanctions Policy,  Incident Response Policy, and  the disposal of protected information and sensitive documents derived from the system or subsystems on the network. SSA’s systems security requirements represent the current state-of-the-practice security controls, safeguards, and countermeasures required for Federal information systems by Federal regulations, statutes, standards, and guidelines. Additionally, SSA’s systems security requirements also include organizationally defined interpretations, policies, and procedures mandated by the authority of the Commissioner of Social Security in areas when or where other cited authorities may be silent or non-specific.

Systems Security Requirements. 1. MVA must safeguard information provided under this Agreement by complying with the Systems Security Requirements (SSR) described in the Electronic Information Exchange Security Requirements,

Systems Security Requirements. 4.8.1.1. The Contractor shall assist the Government in establishing and maintaining a comprehensive security program for all acquisition and sustainment programs throughout the system life cycle. 4.8.1.2. The Contractor shall perform Trusted System Network (TSN) and Criticality Analysis (testing, evaluation and analysis of vulnerability assessments for Critical Program Information [CPI] and Critical Components [CCs] [e. g. Software, Hardware, Firmware, supply chain, etc.]), using different methods and techniques as required. 4.8.1.3. The Contractor shall identify and analyze programs’ CPI and CCs (Criticality Analysis). 4.8.1.4. The Contractor shall request, review, and analyze programs’ vulnerability assessments. 4.8.1.5. The Contractor shall request, review, and analyze programs’ threat assessments. 4.8.1.6. The Contractor shall conduct risk, trade-off, and cost-benefit analyses. 4.8.1.7. The Contractor shall develop and integrate system security protection and countermeasures. 4.8.1.8. The Contractor shall develop, review, and manage Security Classification Guides (SCGs). (CDRL A165) 4.8.1.9. The Contractor shall integrate, consolidate, incorporate, and streamline strategies to minimize or contain risks. 4.8.1.10. The Contractor shall manage and distribute assigned SCGs, including rewriting, editing, etc. (CDRL A165) 4.8.1.11. The Contractor shall ensure Systems Security requirements are accounted for in the Supply Chain Risk Management (SCRM) process. 4.8.1.12. The Contractor shall perform damage assessments involving associated security incidents. 4.8.1.13. The Contractor shall assist in the development and review of security related documentation, such as: • PPPs • Anti-Tamper Plans • Memorandum of Agreements • TSN Plans • Counterfeit Prevention Plans • Cybersecurity Strategies • Product Assurance and Material Control Process (authenticity verification techniques, storage, marking, handling, shipping etc.) • SCGs • Program Protection Implementation Plans (PPIPs) • Solicitations • CDRLs • Requests for Proposal (RFPs) • Statements of Work (SOWs)/PWSs • Program Protection Surveys (PPSs) • TEMPEST • Test and Evaluation (T&E) documents (e.g. T&E Master Plan (TEMP), Developmental T&E (DT&E), Operational T&E (▇▇&▇), modeling and simulations testing, Live Fire T&E (LFT&E), family of testing interoperability, integration test, etc.). • Protection requirements contained in System Security Concepts (SSCs), Initial Capabilities Documents, Capabilities Developmen...

Systems Security Requirements. If Information is delivered to the Recipient in softcopy form or is stored electronically in the Recipient's Information processing system(s), the Recipient will also implement the following requirements for such Information: a. each multiple-user information processing system will have password-controlled access. Each user will have a unique user ID and associated password. Datasets will be protected and passwords will be controlled by IBM Resource Access Control Facility (RACF) or a security program providing equivalent protection. Otherwise, each dataset containing Information will be password protected and, if practical, each password will be unique. Local Area Network environments will have controls similar to the requirements set forth above. Access to Information on standalone workstations will be controlled. When such systems are not in use, Information will be secured. b. each password will be randomly selected, non- obvious and non-trivial. Log on passwords will be changed at least every 60 days. Dataset passwords will be changed at least every six months; c. dial-up facilities will be protected by a secure call-back system or other secure method; d. if required by the Discloser, Information will be encrypted when it is electronically transmitted outside the Recipient's facilities or when public communications facilities are used; e. sharing of passwords and disclosure of passwords and encryption keys will be limited to authorized persons; f. displaying and printing of passwords will be either inhibited or masked; and g. before any physical storage media containing Information is released for reuse, it will be degaussed or completely overwritten. IBM INTERNATIONAL LICENSE AGREEMENT FOR EARLY RELEASE OF PROGRAMS AND MATERIALS PART 1 - GENERAL TERMS ________________________________________________________________________________ PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE PROGRAM OR MATERIAL. IBM WILL ONLY LICENSE THE PROGRAM OR MATERIAL TO YOU IF YOU FIRST ACCEPT THE TERMS OF THIS AGREEMENT. REGARDLESS OF HOW YOU ACQUIRE THE PROGRAM OR MATERIAL (ELECTRONICALLY, PRELOADED, ON MEDIA OR OTHERWISE), BY USING THE PROGRAM OR MATERIAL YOU AGREE TO THESE TERMS.

Systems Security Requirements. 1. AAMVA will safeguard the data provided under this Agreement by complying with all administrative, technical, and physical security requirements of SSA’s Systems Security Requirements (SSR) as set forth in

Systems Security Requirements