Vulnerability Management. Vendor shall address vulnerabilities in accordance with NIST vulnerability management controls including, but not limited to, addressing vulnerabilities in the applicable timeframes set forth in such policies. Vendor shall provide a monthly vulnerability report and a risk mitigation plan to address any identified vulnerabilities. Critical and high vulnerabilities, as defined in NIST management controls, shall be reported to the USAC Chief Information Officer and Chief Information Security Officer, and Vendor shall remedy such vulnerabilities as described in Attachment 7. In the event that Vendor cannot meet the applicable timeframe, Vendor shall provide USAC a plan of action and milestones to address such vulnerabilities promptly and shall prioritize remediation based on the risks implicated by such vulnerabilities. Failure to meet the applicable timeframe will result in USAC receiving a Service Level Credit as set forth in Attachment 5.
Appears in 2 contracts
Samples: Master Services Agreement, Master Services Agreement
Vulnerability Management. Vendor shall address vulnerabilities in accordance with NIST vulnerability management controls including, but not limited to, addressing vulnerabilities in the applicable timeframes set forth in such policies. Vendor shall provide a monthly vulnerability report and a risk mitigation plan to address any identified vulnerabilities. Critical and high vulnerabilities, as defined in NIST management controls, shall be reported to the USAC Chief Information Officer and Chief Information Security Officer, and Vendor shall remedy such vulnerabilities as described in Attachment 7. In the event that Vendor cannot meet the applicable timeframe, Vendor shall provide USAC a plan of action and milestones to address such vulnerabilities promptly promptly, and shall prioritize remediation based on the risks implicated by such vulnerabilities. Failure to meet the applicable timeframe will result in USAC receiving a Service Level Credit as set forth in Attachment 5.
Appears in 1 contract
Samples: Master Services Agreement
Vulnerability Management. Vendor shall address vulnerabilities in accordance with NIST vulnerability management controls including, but not limited to, addressing vulnerabilities in the applicable timeframes set forth in such policies. Vendor shall provide a monthly vulnerability report and a risk mitigation plan to address any identified vulnerabilities. Critical and high vulnerabilities, as defined in NIST management controls, shall be reported to the USAC Chief Information Officer and Chief Officer, or Director of Information Security OfficerSecurity, and Vendor shall remedy such vulnerabilities as described in Attachment 7within thirty (30) calendar days of identifying them. In the event that Vendor cannot meet the applicable timeframe, Vendor shall provide USAC a plan of action and milestones to address such vulnerabilities promptly promptly, and shall prioritize remediation based on the risks implicated by such vulnerabilities. Failure to meet the applicable timeframe will result in USAC receiving a Service Level Credit as set forth in Attachment 5Schedule 3.
Appears in 1 contract
Samples: Master Services Agreement