Terms and Conditions for CIS Albert Network Monitoring Services

These Terms and Conditions shall govern the purchase of Albert Monitoring Services between the Center for Internet Security, Inc. (“CIS”), located at 31 Tech Valley Drive, East Greenbush, NY 12061-4134, and Customer (CIS and Customer each a “Party” and collectively referred to as the “Parties”).


WHEREAS, CIS, through its Multi-State Information Sharing and Analysis Center (MS-ISAC) has been recognized by the United States Department of Homeland Security as the governmental ISAC and as a key Albert Monitoring resource for all fifty states, local governments, tribal nations and United States territories (“SLTTs”); and

WHEREAS, CIS operates twenty-four hours a day, seven days per week (24/7) Security Operations Center (SOC), as further described herein; and

WHEREAS, CIS offers fee-based Albert Monitoring Services (as defined herein) to SLTTs and Customer desires to procure such Albert Monitoring Services, subject to the terms and conditions set forth herein.

NOW, THEREFORE, in consideration of the mutual covenants contained herein, the Parties do hereby agree as follows:

I. Definitions

A. Albert Monitoring Services.Combined Netflow and intrusion detection system monitoring, with analysis of related data; event notification and delivery; and management of associated devices, including software necessary for service delivery. Also referred to as “Services.”

B. Security Operation Center (SOC). 24 X 7 X 365 watch and warning center that provides network monitoring, dissemination of cyber threat warnings and vulnerability identification and mitigation recommendations.

II. Selection of Albert Monitoring Services

Subject to the terms and conditions contained herein, CIS hereby agrees to supply Customer with the Albert Monitoring Services as requested during the term of this Agreement, including hardware if so requested by Customer and set forth in Appendix A. Initially, CIS shall provide Customer with the Albert Monitoring Services specified in Appendix A (“Initial Albert Monitoring Services”). Additional Albert Monitoring Services may be ordered by Customer during the Term of this Agreement by submitting a written request to CIS; such purchases are also subject to the terms and conditions contained in Appendix B described below, to extent applicable. The Service Start Date of subsequent orders for Albert Monitoring Services will be dependent upon CIS receiving sufficient information to begin services, but shall terminate as of the end of the applicable Term, as specified in Section V below.  Additional Cyber Security Services may also be ordered by Customer by separate agreement with CIS.

Request for additional services should be sent to:

Center for Internet Security, Inc.

31 Tech Valley Drive

East Greenbush, NY 12061-4134

Attn: CIS Services

or email to:  CIS_Services@cisecurity.org

III. Consideration, Payment Terms

A. Consideration. As consideration for the Albert Monitoring Services requested by Customer, Customer hereby agrees to pay to CIS the costs for one year of the Albert Monitoring Services as specified in Appendix A.

B. Pricing for Subsequent Terms. At least thirty (30) days prior to the end of any Term of this Agreement, CIS shall provide Customer with updated pricing for Albert Monitoring Services to apply for the subsequent Term.  Unless Customer terminates the Agreement in accordance with the provision of Section V(A) of this Agreement, the parties agree that Appendix A will be amended to incorporate the updated pricing for the subsequent Term.

C. Payment Terms. CIS shall invoice Customer for the Albert Monitoring Services.  Unless otherwise agreed to by the Parties in writing, Customer shall pay CIS within 30 days of receipt of invoice.

D. Review of Network Utilization. The Parties recognize that the pricing set forth in Appendix A is based on good faith estimates of network utilization provided to CIS by Customer. During the Term of this Agreement and any subsequent Renewal Terms, CIS shall have the right, but not the obligation, to review Customer’s daily average network utilization to determine whether such actual utilization meets or exceeds the utilization parameters agreed to in Appendix A. CIS shall have the right to increase the pricing set forth in Appendix A if Customer’s daily average network utilization exceeds the utilization limit of the pricing category on which Customer’s then-current pricing is based.  Such price increase shall be effective upon renewal, subject to the terms set forth in section III(B) above.

IV. Additional Terms and Conditions

Appendix B, which is attached hereto and incorporated herein, contains additional terms and conditions applicable to the purchase and implementation of Albert Monitoring Services.

V. Term of this Agreement; Termination

A. Term; Renewal. This Agreement will commence on the date it is signed by both Parties (the “Effective Date”), and Albert Monitoring Services will start as of the date that all pre-service requirements as set forth in Appendix B are met and monitoring services are available (the “Service Start Date”). This Agreement shall continue in full force and effect for a period of twelve (12) months from the Service Start Date (the “Term”), unless otherwise earlier terminated pursuant to the terms of this Section V.  The Agreement will automatically renew for an additional term(s) of one year unless either Party provides the other Party with written notice of its intent not to renew at least sixty (60) days prior to the end of the Term.

B. Termination. Unless otherwise specified in the additional terms and conditions related to the particular Albert Monitoring Service, either Party may terminate this Agreement and any Albert Monitoring Service being provided under this Agreement by providing written notice to the other Party ninety (90) days prior to such termination.

VI. Title, Limitation of Warranties and Liability

A. Title. CIS will at all times retain title to hardware and software provided to Customer during the Term of this Agreement. Customer shall retain title to all hardware and/or software purchased by Customer to provide Services under this Agreement.

The Customer shall own all right, title and interest in its data that is provided to CIS pursuant to this Agreement. Customer hereby grants CIS a non-exclusive, non-transferable license to access and use such data to the extent necessary to provide Albert Monitoring Services under this Agreement.


C. Right to Subcontract. In order to facilitate its performance of the Agreement, CIS may utilize a third-party subcontractor ("Subcontractor") to provide any or all of the services required of it under this Agreement. Prior to any such subcontracting, CIS shall enter into a written agreement with Subcontractor in which Subcontractor accepts responsibility for all obligations that would otherwise be performed by CIS in accordance with the terms of this Agreement.  Any written agreement between CIS and Subcontractor shall ensure for the provision of confidential information to require that Subcontractor abides by the same Confidentiality Terms contained herein. Customer may be directed to interact and communicate with Subcontractor at CIS’ direction.

VII. Confidentiality Obligation

CIS acknowledges that certain confidential or proprietary information may either be provided by Customer to CIS or generated in the performance of the Albert Monitoring Services, including without limitation:  information regarding the infrastructure and security of Customer’s information systems; assessments and plans that relate specifically and uniquely to the vulnerability of Customer’s information systems; the results of tests of the security of Customer’s information systems insofar as those results may reveal specific vulnerabilities; or information otherwise marked as confidential by Customer (“Confidential Information”).  The Customer acknowledges that it may receive from CIS trade secrets and confidential and proprietary information (“Confidential Information”).  Both Parties agree to hold each other’s Confidential Information in confidence to the same extent and the same manner as each Party protects its own confidential information, but in no event will less than reasonable care be provided and a Party’s information will not be released in any identifiable form without the express written permission of such Party or as required pursuant to lawfully authorized subpoena or similar compulsive directive or is required to be disclosed by law, provided that the Customer shall be required to make reasonable efforts, consistent with applicable law, to limit the scope and nature of such required disclosure.  CIS shall, however, be permitted to disclose relevant aspects of such Confidential Information to its officers, employees and CIS’s federal partners provided that they agree to protect the Confidential Information to the same extent as required under this Agreement.  The Parties agree to use all reasonable steps to ensure that Confidential Information received under this Agreement is not disclosed in violation of this Section VII.  The obligations of the Parties pursuant to this paragraph shall survive the termination of this Agreement. Nothing in this Agreement shall prohibit CIS from using aggregated data of its customers in any format for any purpose, provided that such data cannot be identified to or associated with Customer.

VIII. Force Majeure

Neither Party shall be liable for performance delays or for non-performance due to causes beyond its reasonable control.

IX. No Third Party Rights

Except as otherwise expressly stated herein, nothing in this Agreement shall create or give to third parties any claim or right of action of any nature against Customer or CIS.

X. Assignment

Neither Party may assign their rights and obligations under this Agreement without the prior written approval of the other Party, which approval shall not be unreasonably withheld, conditioned or delayed. This Agreement shall be binding upon and inure to the benefits of each Party and their respective successors and assigns.

XI. Notices

A. All notices permitted or required hereunder shall be in writing and shall be transmitted either: via certified or registered United States mail, return receipt requested; by facsimile transmission; by personal delivery; by expedited delivery service; or by e-mail with acknowledgement of receipt of the notice.

Such notices shall be addressed as follows or to such different addresses as the Parties may from time-to-time designate:


Name:          CIS Services

Address:      Center for Internet Security, Inc.

31 Tech Valley Drive

East Greenbush, NY 12061-4134

Phone:        (518) 880-0766                

E-Mail:        CIS_Services@cisecurity.org

Customer – To be provided to CIS prior to Service Start Date.

B. Any such notice shall be deemed to have been given either at the time of personal delivery or, in the case of expedited delivery service or certified or registered United States mail, as of the date of first attempted delivery at the address and in the manner provided herein, or in the case of facsimile transmission or email, upon receipt.

C. The Parties may, from time to time, specify any new or different contact information as their address for purpose of receiving notice under this Agreement by giving fifteen (15) days written notice to the other Party sent in accordance herewith. The Parties agree to mutually designate individuals as their respective representatives for the purposes of receiving notices under this Agreement.  Additional individuals may be designated in writing by the Parties for purposes of implementation and administration, resolving issues and problems and/or for dispute resolution.

XII. Governing Law and Jurisdiction

Unless otherwise specifically prohibited by the laws of Customer’s jurisdiction, any disputes arising in connection with this Agreement shall be governed and    interpreted by the laws of the State of New York without regard to its conflict of law provisions. In the event that the laws of Customer’s jurisdiction require   that the laws of that jurisdiction apply to all contracts entered into by         Customer, then the laws of that jurisdiction shall apply.

XIII. Non-Waiver

None of the provisions of this Agreement shall be considered waived by either Party unless such waiver is given in writing by the other Party.  No such waiver shall be a waiver or any past or future default, breach or modification of any of the terms, provision, conditions or covenants of the Agreement unless expressly set forth in such waiver.

XIV. Entire Agreement; Amendments

This Agreement and the appendices attached hereto constitute the entire understanding and agreement between the Parties with respect to the subject matter hereof and replace and supersede all prior understandings, communications, agreements or arrangements between the parties with respect to this subject matter, whether oral or written. This Agreement may only be amended as agreed to in writing by both Parties.

XV. Partial Invalidity

If any provision of this Agreement be adjudged by a court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable.


APPPENDIX A-Initial Albert Monitoring Services Order – to be completed by CIS.

APPENDIX B-Additional Terms and Conditions for Albert Monitoring Services


To be completed by CIS.



The following terms and conditions set forth the respective responsibilities of CIS and Customer in establishing and maintaining Albert Monitoring Services.

I.  CIS Responsibilities

CIS will provide the following as part of the Albert Monitoring Services, as specified below:

A. Monitoring and Event Related Services. CIS will provide the following monitoring and event related services:

  1. Specifications for the sensor(s)/server(s) to be purchased by Customer for provision of the Albert Monitoring Services.
  2. Analysis of events from monitored devices for attacks and malicious traffic.
  3. Analysis of security events.
  4. Correlation of security data/logs/events with information from other sources
  5. Notification of security events per the Escalation Procedures provided by Customer.
  6. 24/7 telephone (1-866-787-4722) availability for assistance with resolution of security events detected by the Albert Monitoring Services.

B. Device Management: CIS will be responsible for the correct functioning of devices used as part of Albert Monitoring Services, including ensuring that all upgrades, patches, configuration changes and signature upgrades are applied to such devices.

C. Batch Queries: CIS will process batch queries of Netflow data upon Customer request, with a limit of 10 queries per month per device.  CIS maintains flow records for a period of three (3) months.

II. Customer Responsibilities

A.  Customer acknowledges and agrees that CIS’s ability to perform the Albert Monitoring Services is subject to Customer fulfilling certain responsibilities listed below.  Customer acknowledges and agrees that CIS shall not have any responsibility whatsoever to perform or to continue to perform Albert Monitoring Services in the event Customer fails to meet its responsibilities described below.

B.  For purposes of this Agreement, Customer acknowledges and agrees that only those security devices supported by CIS fall within the scope of this Agreement.

C.  Customer shall provide the sensor(s)/server(s) to be used for Albert Monitoring Services, using the specifications provided by CIS, and in type and numbers as agreed to in this Agreement.  Customer shall also provide logistic support in the form of rack space, electricity, Internet connectivity, and any other infrastructure necessary to support communications at Customer’s expense

D.  Customer shall provide the following to CIS prior to the commencement of Albert Monitoring Services and at any time during the Term of the Agreement if the information changes:

  1. Current network diagrams to facilitate analysis of security events on the portion(s) of Customer’s network being monitored.  Network diagrams will need to be revised whenever there is a substantial network change;
  2. Reasonable assistance to CIS, including, but not limited to, providing all technical information related to the Albert Monitoring Service reasonably requested by CIS, to enable CIS to perform the Albert Monitoring Service for the benefit of Customer;
  3. Public and Private IP address ranges including a list of servers being monitored including the type, operating system and configuration information, as well as a list of IP ranges and addresses that are not in use by Customer (DarkNet space);
  4. Completed Pre-Installation Questionnaires (PIQ) in the form provided by CIS. The PIQ will need to be revised whenever there is a change that would affect CIS’s ability to provide the Cyber Device Monitoring Services;
  5. A completed Escalation Procedure Form including the name, e-mail address, and 24/7 contact information for all designated Points of Contact (POC); and
  6. The name, email address, and landline, mobile, and pager numbers for all shipping, installation and security points of contact.

E.  During the Term of this Agreement, Customer shall provide the following with respect to any Device Monitoring Services:

  1. Written notification to CIS SOC (SOC@cisecurity.org) at least thirty (30) days in advance of changes in hardware or network configuration affecting CIS’s ability to provide Albert Monitoring Services;
  2. Written notification to CIS SOC (SOC@cisecurity.org) at least twelve (12) hours in advance of any scheduled downtime or other network and system administration scheduled tasks that would affect CIS’s ability to provide Albert Monitoring Service;
  3. A revised Escalation Procedure Form must be submitted when there is a change in status for any POC.
  4. Sole responsibility for maintaining current maintenance and technical support contracts with Customer’s hardware vendors for any device affected by Albert Monitoring Services.
  5. Active involvement with CIS SOC to resolve any tickets requiring Customer input or action; and
  6. Reasonable assistance in remotely installing and troubleshooting devices including hardware and communications.