CIS Hardened Images End User License Agreement

This Agreement is by and between Center for Internet Security, Inc. (“CIS”), a nonprofit corporation registered in the State of Maryland USA, and the entity or individual (the “End User”) identified in the purchase of CIS-offered virtual machine image, CIS Hardened Images® (each a “Product”).

License: Upon purchase of a Product, CIS grants End User a limited, revocable, non-exclusive, non-sublicensable, non-transferable license to use the Product during the Term in accordance with this Agreement. The Products are protected by copyright and other intellectual property laws and by international treaties. The End User acknowledges and agrees that he/she/they/it is not acquiring title or intellectual property rights in the Products and that full title and all ownership rights to the Products will remain property of CIS. Use of the Products may be subject to a separate software licensing (e.g. open source license), and End User agrees to comply with all applicable software licenses in using the Product. In the event of any conflict between the license granted in this Agreement and any separate software license associated with the Product, the terms of the separate software license shall prevail. All rights to the Products not expressly granted in this Agreement are hereby reserved.

Services: CIS shall provide online support services, as may be required, which shall be limited to assisting the End User in running a Product in the cloud environment or performing any configuration-related bug fixes to a Product (the “Services”). The End User shall send all requests for Services via our support portal: www.cisecurity.org/support. End User is not entitled to telephonic support.

End User Responsibilities: End User may use the Products only in connection with the End User’s virtual machine instance. End User shall not use the Products to manage any third party’s equipment or instances without the prior written consent of CIS.

End User may not resell the Products or distribute or share the Products on any website, bulletin board, ftp server or other similar mechanism or device, without the prior written consent of CIS.

Where any information or action on the part of the End User is required by CIS to enable CIS to provide the Services, including support services, End User shall, at its own expense, provide such information and assistance in a timely manner.

End User acknowledges and agrees that: (1) no network, system, device, hardware, software or component can be made fully secure; (2) End User shall be responsible for (a) evaluating the risks and benefits of the Products to his/her/their/its particular circumstances and requirements; and (b) ensuring back-up of all data and software. CIS shall not be liable for any security breach or loss of data or software or corruption to or damage of data or software.

Product Specific Terms: With respect to the Products, the End User shall not: allow any unauthorized access to the Products; or tamper with the Products or insert any data or information into the Products that might affect the Products, cause any damage to CIS or third parties, or be unlawful.

Trial Subscription: If using the Products under a trial subscription, it is your responsibility to cancel within the trial period to avoid unintentional charges or fees. If the trial subscription is not cancelled, your use shall be subject to any renewal and billing terms of the applicable cloud service provider.

Billing/Refund Policy

Billing will be assessed per the standard billing terms of the applicable cloud service provider. Refunds are not available.

Liability Limitations: In no event shall either Party be liable to the other or any third party for any indirect, special, incidental, punitive, or consequential loss or damage or for any loss of or damage to data, ex gratia payments, loss of profit, loss of contract or loss of other economic advantage (in each case whether direct or indirect) howsoever arising out of or in connection with this Agreement or any collateral contract, or the production, sale, supply or use (by CIS, the End User or any third party) of the Products or Services provided under this Agreement, even if that party has previously been advised of the possibility of the same and whether foreseeable or not. These limitations shall apply notwithstanding any failure of essential purpose of any limited remedy.

Upon expiration or termination of this Agreement and/or use of Product(s) by End User for any reason, all licenses granted to End User under this Agreement shall terminate forthwith and CIS will have no further obligation.

No Warranty: The CIS Hardened Images are provided “AS IS”. CIS disclaims any and all warranties, including any implied warranties of merchantability, fitness for a particular purpose, and statutory warranties of non-infringement. CIS in no way whatsoever guarantees that use of any Product assures compliance with regulatory guidelines such as, but not limited to: Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) Data Security Standard (DSS), U.S. Department of Defense (DoD) Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).

U.S. Export Control and Sanction Laws: End User acknowledges that with respect to purchase and use of the Product(s), it is his/her/their/its responsibility to understand and abide by all U.S. sanctions and export control laws as set from time to time by the U.S. Bureau of Industry and Security (BIS) and the U.S. Office of Foreign Assets Control (OFAC).

Contract Version Date: 11/29/2024