CIS Endpoint Security Services via CrowdStrike Terms & Conditions

The following terms and conditions (“TCS”) apply to CIS Endpoint Security Services (the “Services”) provided by Center for Internet Security, Inc. (CIS®) to Customer, as specified in the attached Customer Order Form (the “Order”).

I. Purpose

The purpose of this agreement is to set forth the mutual understanding between the U.S. State, Local, Tribal, or Territorial (SLTT) government Entity named above and CIS, with respect to CIS’ provision of ESS and selected Add-on Services to the Entity.

II. Definitions 

     A.  CIS Security Operations Center (SOC) – 24x7x365 watch and warning center that provides cybersecurity infrastructure monitoring, dissemination of cyber threat warnings along with vulnerability identification and mitigation recommendations.

     B.  Endpoint Security Services or ESS – Endpoint Security Services (ESS) is comprised of the following services:  

                 1.  Next Generation Antivirus (NGAV). A solution deployed on endpoint devices to prevent cyber attacks with the following capabilities:  

  • Detect malicious activity using signature-based and behavior-based threat detection methods with the capability to automate prevention (block attacks),
  • Deny/allow indicators list management to include anomalous behavior-based indicators,
  • Endpoint and file quarantine functionality,
  • Threat notification and alerts, and
  • Web-based management interface with a cloud-based data administration component for enterprise deployment.

                 2.  Endpoint Detection & Response (EDR). Deployment and maintenance of an EDR software agent on Customer’s identified endpoint devices, which will (a) block malicious activity at a device level if agreed to by the Customer; (b) remotely isolate compromised systems after coordination with the Customer; (c) identify threats on premises, in the cloud, or on remote systems; (d) inspect network traffic in a decrypted state on the endpoint for the limited purpose of identifying malicious activity; and (e) identify and remediate malware infections.

                 3.  Centralized management of ESS data to allow system administration, event analysis, and reporting by the CIS SOC. Additionally, Customer will be able to interact with its own ESS data through the management system.  

     C.  Add-on Endpoint Security Services:  From time to time, CIS may offer additional services to supplement ESS (the “Add-on Services”).  Customer may purchase such Add-on Services for an additional fee either at the time it enters into this Agreement, or at a later date, pursuant to a separate order.  Add-on Services are provided by CIS and/or its partners subject to the terms and conditions in this Agreement.  Regardless of whether an Add-on Service is selected by Entity at the time it first enters into this Agreement, or at some later date, the term for CIS’ provision of such Add-on Services shall run concurrently with the Term of this Agreement, unless otherwise agreed to in writing by the Parties. Add-on Services may include but are not limited to the following CIS offerings: 

  • ESS Mobile expands the CIS ESS offering to include device-level protection for mobile devices. ESS Mobile monitors and records activities on Android and iOS devices including phones and tablets. It uses endpoint detection and response technology, enabling security teams to obtain real-time visibility into potential threats confronting sensitive corporate data on managed mobile devices. The automated threat protection of ESS Mobile helps to block malicious phishing links, identify vulnerable devices, and detect malicious and unwanted activity on business-critical mobile apps.   
  • ESS Spotlight leverages the cloud-native power of the CrowdStrike Falcon Platform to bring together endpoint detection and response (EDR) with vulnerability management to provide real-time visibility into vulnerabilities and exposures. ESS Spotlight enables SLTT government entities to consolidate key components of their security stacks to reduce costs and increase protection by creating a single view of their vulnerability exposure.

     D.  Error:  A reproducible failure of ESS to perform in substantial conformity with its Documentation, as supplied by CrowdStrike.

III. Selection of ESS

CIS hereby agrees to supply Customer with ESS and, if applicable, any Add-on Services as set forth in one or more orders. ESS for additional endpoints may be ordered by Entity during the Term of this Agreement by submitting a written request to CIS. The service start date of subsequent orders for ESS shall be the date of each approved order, but services supplied pursuant to all orders shall terminate as of the end of the Term.    

IV. Term of this Agreement

This Agreement will commence on the date it is signed by both Parties (the “Effective Date”), and shall continue in full force and effect for the period specified in the attached order (the “Term”).  

V. Payment Terms

     A.  Initial ESS Purchase.  In consideration for receipt of ESS and any Add-on Services, Entity agrees to pay the sum set forth in the order, in US Dollars (USD).  Payment shall be due and payable within thirty (30) days of the Effective Date. Payment may be made by: (i) EFT transfer; (ii) check made payable to Center for Internet Security and mailed to CIS Accounts Receivable, 31 Tech Valley Drive, East Greenbush, NY 12061; or (iii) credit card transaction according to the instructions provided to Entity by CIS.  The amount payable shall not be reduced by any taxes or fees to be collected by a taxing jurisdiction, financial institution or payment processor incidental to the payment to CIS.

     B.  Purchase of ESS for Subsequent Terms.  At least sixty (60) days prior to the expiration of the Term, CIS will provide Entity an order setting forth pricing for a subsequent Term. Payment associated with a subsequent Term shall be due to CIS no later than the last day of the then-current Term, and may be made using any of the methods described in Section V(A) above.  If such payment is not made prior to the end of the applicable Term, CIS may elect not to renew this Agreement for a subsequent Term.

VI. Responsibilities

     A.  Customer Responsibilities Entity acknowledges and agrees that CIS’ ability to perform the Endpoint Security Services is subject to Entity fulfilling certain responsibilities listed below.  All references to Endpoint Security Services or ESS shall be deemed to include Add-on Services purchased by Entity. 

     Entity acknowledges and agrees that neither CIS nor any third-party provider shall have any responsibility whatsoever to perform the Endpoint Security Services in the event Entity fails to meet its responsibilities described below.

                 1.  For purposes of this Agreement, Entity acknowledges and agrees that the scope of this Agreement is limited to the number of endpoint devices identified in the order Form.  In the event that Entity installs the ESS software agent on a greater number of endpoint devices beyond those identified in the order Form, Entity will be charged for those additional endpoints, including any associated additional charges, and that those additional endpoint devices will be subject to the requirements of this Agreement. Entity will ensure the correct functioning and maintenance of the endpoint devices receiving Endpoint Security Services.

                 2.  Entity shall at all times during the Term employ the most currently supported version of its chosen operating system software for the identified endpoint devices.  Entity acknowledges and agrees that, if it uses an unsupported version of such operating system software, CIS cannot ensure proper functioning of the affected endpoint devices.

                 3.  The following term applies only to ESS Mobile: Entity is responsible for using a Mobile Device Management (MDM) application that is supported by CIS and CrowdStrike to complete installation.

                 4.  Entity shall provide the following to CIS prior to the commencement of the Endpoint Security Services and at any time during the Term of the Agreement if the information changes:

1.  A completed Pre-installation Questionnaire (PIQ), the form of which will be provided to Entity by CIS, which will identify the number and types of endpoints to be monitored during the Term, including identification of the operating systems used in the endpoints. The PIQ will need to be revised whenever there is a change that would affect CIS’ ability to provide the Endpoint Security Services;

2.  Each endpoint device will have access to a secure Internet channel for ESS management and monitoring by CIS;

3.  Accurate and up-to-date information, including the name, email, landline, and mobile numbers for all designated, authorized Point of Contact(s); and

4.  Entity will be responsible for installing the ESS software agent on its endpoints; CIS will provide Entity with a link to the ESS software agent.

                 5.  During the Term of this Agreement, Entity shall provide the following:

1.  Written notification to CIS SOC ([email protected]) at least thirty (30) days in advance of replacement of an existing endpoint device with another similar device and/or changes in operating systems for the endpoint devices that would affect CIS’ ability to provide Endpoint Security Services;

2.  Written notification to CIS SOC ([email protected]) at least twelve (12) hours in advance of any scheduled Internet outages affecting the endpoint devices;

3.  A completed Escalation Procedure Form in the PIQ including the name, e-mail address and 24/7 contact information for all designated Points of Contact (POC).  Revised information must be submitted when there is a change in status for any POC;

4.  Sole responsibility for maintaining current maintenance and technical support contracts with Entity’s software and hardware vendors for any endpoint device covered by ESS; and

5.  Active involvement with CIS SOC to resolve any tickets requiring Entity input or action.

     B.  CIS Responsibilities

                 1.  CIS shall be responsible for purchase of a commercial ESS capability provided by Crowdstrike, to be incorporated into the Endpoint Security Services, and for providing a link for the ESS software agent to Customer for Customer to install on their endpoints.

                 2.  CIS will be responsible for the management and monitoring of the Endpoint Security Services to Customer’s identified endpoint devices, including provision of the link for installation of the applicable ESS agent for the operating system of the endpoint devices, as identified by Customer in the PIQ.

                 3.  CIS will provide the following as part of the Endpoint Security Services:

1. Analysis of logs from monitored security devices for attacks and malicious traffic;

2. Analysis of security events;

3. Correlation of security data/logs/events with information from other sources;

4. Notification of security events per the Escalation Procedures provided by Customer; and

5. Ensuring that all upgrades, patches, configuration changes and signature upgrades of the ESS agent are applied to Customer’s endpoint devices receiving ESS.

6. CIS Security Operation Center. CIS will provide 24/7 telephone (1-866-787-4722) availability for assistance with events detected by the Endpoint Security Services.

                 4. Upon termination of ESS, CIS shall be responsible for the cancellation of the Endpoint Security Services. Customer will be responsible for removal of the ESS agent installed on Customer’s endpoint devices.

     C.  Third Party Provider Terms and Conditions

Customer acknowledges and agrees that as part of providing ESS, CIS has contracted with the third-party provider, CrowdStrike, Inc. (“Crowdstrike”). Customer further acknowledges and agrees that in return for receipt of ESS, it agrees to the following terms and conditions (“Crowdstrike End User Terms”) as an end user of CrowdStrike services as specified in the Order:

                 1.  Access & Use Rights.  Subject to these TCS, Customer has a non-exclusive, non-transferable, non-sublicensable license to access and use the Products in accordance with any applicable Documentation solely for Customer’s Internal Use. The Product includes a downloadable object-code component (“Software Component”); Customer may install and run multiple copies of the Software Components solely for Customer’s Internal Use. Customer’s access and use is limited to the quantity and the period of time specified on the Order.

                 2.  Restrictions.  The access and use rights do not include any rights to (i) employ or authorize any third party (other than Partner) to use or view the Offering or Documentation; (ii) alter, publicly display, translate, create derivative works of or otherwise modify an Offering; (iii) sublicense, distribute or otherwise transfer an Offering to any third party; (iv) allow third parties to access or use an Offering (except for Partner as expressly permitted herein); (v) create public Internet “links” to an Offering or “frame” or “mirror” any Offering content on any other server or wireless or Internet-based device; (vi) reverse engineer, decompile, disassemble or otherwise attempt to derive the source code (if any) for an Offering (except to the extent that such prohibition is expressly precluded by applicable law), circumvent its functions, or attempt to gain unauthorized access to an Offering or its related systems or networks; (vii) use an Offering to circumvent the security of another party’s network/information, develop malware, unauthorized surreptitious surveillance, data modification, data exfiltration, data ransom or data destruction; (viii) remove or alter any notice of proprietary right appearing on an Offering; (ix) conduct any stress tests, competitive benchmarking or analysis on, or publish any performance data of, an Offering (provided, that this does not prevent Customer from comparing the Products to other products for Customer’s Internal Use); (x) use any feature of CrowdStrike APIs for any purpose other than in the performance of, and in accordance with, the Order; or (xi) cause, encourage or assist any third party to do any of the foregoing. Customer agrees to use an Offering in accordance with laws, rules and regulations directly applicable to Customer and acknowledges that Customer is solely responsible for determining whether a particular use of an Offering is compliant with such laws.

                 3.  Third Party Software.  CrowdStrike uses certain third-party software in its Products, including what is commonly referred to as open source software.  Under some of these third party licenses, CrowdStrike is required to provide Customer with notice of the license terms and attribution to the third party. See the licensing terms and attributions for such third-party software that CrowdStrike uses at: https://falcon.crowdstrike.com/opensource.

                 4.  Installation and User Accounts.  For those Products requiring user accounts, only the individual person assigned to a user account may access or use the Product. Customer is liable and responsible for all actions and omissions occurring under Customer’s user accounts for Offerings.

                 5.  Ownership & Feedback.  The Offerings are made available for use or licensed, not sold. CrowdStrike owns and retains all right, title and interest (including all intellectual property rights) in and to the Offerings. Any feedback or suggestions that Customer provides to CrowdStrike regarding its Offerings (e.g., bug fixes and features requests) is non-confidential and may be used by CrowdStrike for any purpose without acknowledgement or compensation, provided, Customer will not be identified publicly as the source of the feedback or suggestion.

                 6.  Crowdstrike Disclaimer.  PARTNER, AND NOT CROWDSTRIKE, IS RESPONSIBLE FOR ANY WARRANTIES, REPRESENTATIONS, GUARANTEES, OR OBLIGATIONS TO CUSTOMER, INCLUDING REGARDING THE CROWDSTRIKE OFFERINGS. CUSTOMER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT CROWDSTRIKE DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, OR DISCOVER ALL OF CUSTOMER’S OR ITS AFFILIATES’ SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD CROWDSTRIKE RESPONSIBLE THEREFOR. CROWDSTRIKE AND ITS AFFILIATES DISCLAIM ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE.  TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, CROWDSTRIKE AND ITS AFFILIATES AND SUPPLIERS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGMENT WITH RESPECT TO THE OFFERINGS. THERE IS NO WARRANTY THAT THE OFFERINGS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT INTERRUPTION OR WILL FULFILL ANY OF CUSTOMER’S PARTICULAR PURPOSES OR NEEDS. THE OFFERINGS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. THE OFFERINGS ARE NOT FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE.  CUSTOMER AGREES THAT IT IS CUSTOMER’S RESPONSIBILITY TO ENSURE SAFE USE OF AN OFFERING IN SUCH APPLICATIONS AND INSTALLATIONS. CROWDSTRIKE DOES NOT WARRANT ANY THIRD PARTY PRODUCTS OR SERVICES.

                 7.  Customer Obligations.  Customer, along with its Affiliates, represents and warrants that: (i) it owns or has a right of use from a third party, and controls, directly or indirectly, all of the software, hardware and computer systems (collectively, “Systems”) where the Products will be installed or that will be the subject of, or investigated during, the Offerings, (ii) to the extent required under any federal, state, or local U.S. or non-US laws (e.g., Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., Title III, 18 U.S.C. 2510 et seq., and the Electronic Communications Privacy Act, 18 U.S.C. § 2701 et seq.) it has authorized CrowdStrike to access the Systems and process and transmit data through the Offerings in accordance with the Order and as necessary to provide and perform the Offerings, (iii) it has a lawful basis in having CrowdStrike investigate the Systems, process the Customer Data and the Personal Data; (iv) that it is and will at all relevant times remain duly and effectively authorized to instruct CrowdStrike to carry out the Offerings, and (v) it has made all necessary disclosures, obtained all necessary consents and government authorizations required under applicable law to permit the processing and international transfer of Customer Data and Customer Personal Data from each Customer and Customer Affiliate, to CrowdStrike.

                 8.  Falcon Platform.  The Falcon Endpoint Protection Platform (“Falcon EPP Platform”) uses a crowd-sourced environment, for the benefit of all customers, to help customers protect themselves against suspicious and potentially destructive activities. CrowdStrike’s Products are designed to detect, prevent, respond to, and identify intrusions by collecting and analyzing data, including machine event data, executed scripts, code, system files, log files, dll files, login data, binary files, tasks, resource information, commands, protocol identifiers, URLs, network data, and/or other executable code and metadata. Customer, rather than CrowdStrike, determines which types of data, whether Personal Data or not, exist on its systems. Accordingly, Customer’s endpoint environment is unique in configurations and naming conventions and the machine event data could potentially include Personal Data. CrowdStrike uses the data to: (i) analyze, characterize, attribute, warn of, and/or respond to threats against Customer and other customers, (ii) analyze trends and performance, (iii) improve the functionality of, and develop, CrowdStrike’s products and services, and enhance cybersecurity; and (iv) permit Customer to leverage other applications that use the data, but for all of the foregoing, in a way that does not identify Customer or Customer’s Personal Data to other customers. Neither Execution Profile/Metric Data nor Threat Actor Data are Customer’s Confidential Information or Customer Data.

                 9.  Processing Personal Data.  Personal Data may be collected and used during the provisioning and use of the Offerings to deliver, support and improve the Offerings, comply with law, or otherwise in accordance with these TCS. Customer authorizes CrowdStrike to collect, use, store, and transfer the Personal Data that Customer provides to CrowdStrike as contemplated in this Agreement.

                 10.  Compliance with Applicable Laws. Both CrowdStrike and Customer agree to comply with laws directly applicable to it in the performance of the ESS in accordance with the Order.

                 11.  Definitions.  For purposes of these Crowdstrike End User Terms, the following terms shall have the meaning as set forth below:

CrowdStrike” shall mean CrowdStrike, Inc.“

CrowdStrike Data” shall mean the data generated by the CrowdStrike Offerings, including but not limited to, correlative and/or contextual data, and/or detections.  For the avoidance of doubt, CrowdStrike Data does not include Customer Data.“

Customer Data” means the data generated by the Customer’s Endpoint and collected by the Products.“

Documentation” means CrowdStrike’s end-user technical documentation included in the applicable Offering.“

Endpoint” means any physical or virtual device, such as, a computer, server, laptop, desktop computer, mobile, cellular, container or virtual machine image.“

Execution Profile/Metric Data” means any machine-generated data, such as metadata derived from tasks, file execution, commands, resources, network telemetry, executable binary files, macros, scripts, and processes, that: (i) Customer provides to CrowdStrike in connection with the Order or (ii) is collected or discovered during the course of CrowdStrike providing Offerings, excluding any such information or data that identifies Customer or to the extent it includes Personal Data.“

Internal Use” means access or use solely for Customer’s own internal information security purposes.  By way of example and not limitation, Internal Use does not include access or use: (i) for the benefit of any person or Customer other than Customer, or (ii) in any event, for the development of any product or service. Internal Use is limited to access and use by Customer’s employees and Partner solely on Customer’s behalf and for Customer’s benefit.“

Entity” means an Entity of Partner that has agreed in writing to be contractually bound by these Entity Terms.“

Offerings” means, collectively, any Products or Product-Related Services.“

Partner” means Center for Internet Security, Inc.“

Personal Data” means information provided by Customer to CrowdStrike or collected by CrowdStrike from Customer used to distinguish or trace a natural person’s identity, either alone or when combined with other personal or identifying information that is linked or linkable by CrowdStrike to a specific natural person. Personal Data also includes such other information about a specific natural person to the extent that the data protection laws applicable in the jurisdictions in which such person resides define such information as Personal Data.“

Product” means any of CrowdStrike’s cloud-based software or other products provided to Customer through Partner, the available accompanying API’s, the CrowdStrike Data, any Documentation.“

Product-Related Services” means, collectively, (i) Falcon OverWatch, (ii) Falcon Complete Team, (iii) the technical support services for certain Products provided by CrowdStrike, (iv) training, and (v) any other CrowdStrike services provided or sold with Products.“

Threat Actor Data” means any malware, spyware, virus, worm, Trojan horse, or other potentially malicious or harmful code or files, URLs, DNS data, network telemetry, commands, processes or techniques, metadata, or other information or data, in each case that is potentially related to unauthorized third parties associated therewith and that is collected or discovered during the course of CrowdStrike providing Offerings, excluding any such information or data that identifies Customer or to the extent that it includes Personal Data. 

VII. Title

The Endpoint Security Services include use of software that is licensed to CIS by a third-party provider, CrowdStrike, Inc. (“CrowdStrike”). All title and ownership rights of the software shall remain with CrowdStrike.

The Entity shall own all right, title and interest in data that it provides to CIS pursuant to this Agreement. Entity hereby grants CIS a non-exclusive, non-transferable license to access and use such data as is necessary to provide ESS and any Add-on Services under this Agreement.

VIII. Warranty

     A.  Warranty.  CIS warrants to Entity that, throughout the applicable Term: (i) the Endpoint Security Services and any Add-on Services will operate without Error; and (ii) industry standard techniques have been used to prevent the ESS and Add-on Services, at the time of installation, from injecting malicious software viruses into endpoints covered by this Agreement.  Entity must notify CIS of any warranty claim during the Term.  Entity’s sole and exclusive remedy, and the entire liability of CIS, for a breach of this warranty will be for CIS, at its own expense and election, to implement one of the following solutions: (a) use commercially reasonable efforts to provide a work-around or correct such Error; or (b) terminate this Agreement and Entity’s access to and use of ESS and Add-on Services, and refund the prepaid fee, prorated for the unused period of the Term.  CIS shall have no obligation to Entity regarding Errors reported after the end of the applicable Term.   

     B.  Exclusions. The warranties do not apply if the ESS or Add-on Services: (i) have been modified, except by CIS or CrowdStrike, or (ii) have not been installed, used, or maintained in accordance with this Agreement or the Documentation.

     C.  Disclaimer.  EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION VIII, CIS MAKES NO OTHER WARRANTIES RELATING TO THE ESS OR THE ADD-ON SERVICES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE, OR MERCHANTABILITY.  ENTITY ACKNOWLEDGES, UNDERSTANDS AND AGREES THAT CIS DOES NOT GUARANTEE OR WARRANT THAT USE OF ESS AND/OR THE ADD-ON SERVICES WILL FIND, LOCATE OR DISCOVER ALL SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND ENTITY WILL NOT HOLD CIS RESPONSIBLE THEREFOR.  ENTITY AGREES NOT TO REPRESENT TO ANY THIRD PARTY THAT CIS HAS PROVIDED SUCH GUARANTEE OR WARRANTY.

IX. Amendments to the Order

This Order may only be amended if agreed to in writing by both Parties.

X. No Third Party Rights

Nothing in this Order shall create or give to third parties any claim or right of action of any nature against Entity or CIS.

XI. Confidentiality Obligation

CIS acknowledges that information regarding the infrastructure and security of Entity’s information systems, assessments and plans that relate specifically and uniquely to the vulnerability of customer information systems, Personal Data (as defined herein below), specific vulnerabilities identified as part of the Endpoint Security Services or Add-on Services, or information otherwise marked as confidential by Entity (“Confidential Information”) may be provided by Entity to CIS in connection with this Agreement.  The Entity acknowledges that it may receive from CIS trade secrets and confidential and proprietary information (“Confidential Information”). Both Parties agree to hold each other’s Confidential Information in confidence to the same extent and the same manner as each party protects its own confidential information, but in no event will less than reasonable care be provided and a party’s information will not be released in any identifiable form without the express written permission of such party or as required pursuant to lawfully authorized subpoena or similar compulsive directive or is required to be disclosed by law, provided that the Entity shall be required to make reasonable efforts, consistent with applicable law, to limit the scope and nature of such required disclosure. CIS further agrees that any third party involved in providing Endpoint Security Services shall be required to protect Entity’s Confidential Information to the same extent as required under this Agreement. CIS shall, however, be permitted to disclose relevant aspects of such Confidential Information to its officers, employees, agents and CIS’ cyber security partners, including federal partners, provided that such partners have agreed to protect the Confidential Information to the same extent as required under this Agreement.  The Parties agree to use all reasonable steps to ensure that Confidential Information received under this Agreement is not disclosed in violation of this Section XI. These confidentiality obligations shall survive the termination of this Agreement.

XII. Notices

     A.  All notices permitted or required hereunder shall be in writing and shall be transmitted either:  

1. via certified or registered United States mail, return receipt requested;

2. by personal delivery;  

3. by expedited delivery service; or  

4. by e-mail with acknowledgement of receipt of the notice. 

Such notices shall be addressed as follows or to such different addresses as the Parties may from time-to-time designate:

CIS
Address:  CIS Services
                  Center for Internet Security, Inc.
                  31 Tech Valley Drive
                  East Greenbush, NY 12061-4134 
Telephone:  (518) 880-0766 

E-Mail:       [email protected]
with cc to: [email protected]

     B.  Any such notice shall be deemed to have been given either at the time of personal delivery or, in the case of expedited delivery service or certified or registered United States mail, as of the date of first attempted delivery at the address and in the manner provided herein, or in the case of facsimile transmission or email, upon receipt.

     C.  The Parties may, from time to time, specify any new or different contact information as their address for purpose of receiving notice under this Agreement by giving fifteen (15) days written notice to the other Party sent in accordance herewith.  The Parties agree to mutually designate individuals as their respective representatives for the purposes of receiving notices under this Agreement.  Additional individuals may be designated in writing by the Parties for purposes of implementation and administration, resolving issues and problems and/or for dispute resolution.


Contract Version Date: 02/01/2024