CIS Malicious Code Analysis Program (“MCAP”) Subscription Agreement

This Malicious Code Analysis Program Subscription Agreement (this “Agreement”) is made between Center for Internet Security, Inc. (“CIS”), a Maryland non-profit, and the customer accepting the Agreement (“Customer”). By entering into this Agreement, Customer agrees to purchase a subscription (this “Subscription”) that allows for access to the Subscription Services described below. The Subscription is subject to the following terms and conditions.

I. Subscription Services

During the Subscription Term, CIS grants Customer access to CIS’s Malicious Code Analysis Platform (“MCAP”), a self-service, web-based environment in which Customer may submit suspicious URLs, executables, DLLs, documents, and other file types for automated threat analysis. MCAP leverages Cisco Secure Malware Analytics to analyze the behavior of files submitted (a “Query”), produce detailed analysis quantifying threats, and provide information intended to facilitate timely remediation (a “Report”). MCAP can be accessed through the CIS Portal or other means designated by CIS from time to time.

In addition to MCAP access, Customer is entitled to up to five (5) hours of individualized malware analysis support (“Malware Analysis”) during the first year, performed by the MS-ISAC Cyber Incident Response Team (CIRT). Malware Analysis may include further interpretation of Reports or manual analysis of malware submitted by Customer.

II. Use Rights

Subject to the restrictions in Section III, CIS grants Customer a limited, revocable, non-transferable license to: (i) access and use MCAP, with a limit of five (5) Queries per day (CIS may, in its sole discretion, waive this limit from time to time); and (ii) download, print, and reproduce the Reports and any writings CIRT provides with respect to Malware Analysis performed on Customer’s behalf.   

III. Restrictions on Use

Customer shall not, and shall not request or permit any individual or entity to:

1. transfer, sell, sublicense, monetize, or provide the functionality of any of the Subscription Services to any third party;
2. reverse engineer, decompile, decrypt, disassemble, modify, or make derivative works based on MCAP, any Report, or Malware Analysis;
3. share login credentials or otherwise provide third parties with access to the Portal, Reports, or other Subscription benefits; or
4. copy, post, publish or transmit any Report or Malware Analysis, if not expressly permitted under this Agreement or agreed to in writing by the relevant Parties.

IV. Intellectual Property & Customer Data

CISCO owns the copyright and other intellectual property and related rights, title, and interest in and to MCAP and the proprietary analysis it produces, including the Reports. CIS owns the copyright and all other intellectual property and related rights, title, and interest in and to analysis and other documents or works authored by CIRT, including those generated through the performance of Malware Analysis. Nothing in this Agreement transfers ownership in these or any other intellectual property rights. Notwithstanding the foregoing, Customer retains ownership of all data it enters into MCAP that has been designated as private at the of submission (“Private Data”). Customer may request removal of Private Data from MCAP at any time. Data entered into MCAP that is not Private Data may be anonymized and used by CIS or its authorized vendors and contractors to develop threat intelligence, or for other purposes consistent with CIS’s mission.

V. No Warranty; Limitation of Liability

MCAP, the Reports, and all OTHER services and products included within or accessed in connection with the Subscription are provided “as is” without any warranty of any kind, and to the maximum extent permitted under applicable law. CIS expressly disclaims any and all liability for Customer’s use of or reliance on analysis and other content available to Customer through or in connection with this Subscription, whether transmitted through the CIS Portal, by email, or otherwise, and whether resulting from submission of Queries, Malware Analysis, or other use of the Subscription Services.

Neither Party will be liable to the other for any indirect, incidental, special, consequential, or punitive damages in connection with this Agreement or its subject matter.

VI. Term and Termination

The first term of this Agreement is for one or more years, as listed in the relevant CIS Order (the “Initial Term”). Following the Initial Term, this Agreement will automatically renew for the same duration as the Initial Term (each a “Renewal Term”), until either Party informs the other of their intent to terminate. Customer may cancel at any time; however, CIS will not refund any Fees Customer has paid prior to termination.

VII. Fees and Payment

Customer will pay CIS an annual Subscription Fee (the “Fee”) for each Term, in the amount listed on the applicable Order issued by CIS. Each such Fee shall be due within thirty (30) days of the date on which the Order is issued unless the Order specifies otherwise.

Annually thereafter until it is terminated, the Agreement will automatically renew for successive one-year terms, and CIS will bill Customer an annual renewal Fee at the then-current rate (each a “Renewal Fee”). CIS will notify Customer approximately thirty (30) days before each renewal Fee is billed. No refunds of any kind will be provided, unless and to the extent required by applicable law.

VIII. Choice of Law; Jurisdiction

Unless otherwise required by applicable law, this Agreement will be governed and construed in accordance with the laws of the State of New York without regard to its conflict of law provisions. Any disputes related to this Agreement shall be brought in the federal or state courts located in New York.

IX. Miscellaneous

(a) Force majeure. Neither party is responsible for delay or failure to perform to the extent caused by events beyond a party’s reasonable control including: severe weather, acts of God or government, pandemic, war, terrorism, or the stability or availability of utilities, provided that the affected party shall make commercially reasonable efforts to mitigate the impact of the force majeure event.

(b) No waiver. Failure to enforce any right under these terms does not waive that right.

(c) Severability. If any term in this Agreement is invalid or unenforceable, then the rest of the terms will continue with full force and effect to the extent possible.

(d) Entire agreement. These terms are the complete agreement between the parties regarding their subject matter and replace all previous communications, understandings, or agreements, whether written or oral. For the avoidance of doubt, and whether or not CIS is deemed under applicable law to have accepted an offer by Customer, CIS objects to and rejects all additional and/or inconsistent terms contained in a Purchase Order (PO) or similar document submitted to CIS incidental to the Subscription purchased herein.

 

By proceeding with this purchase, Customer agrees that the terms and conditions listed above will govern purchase and use of the Subscription.

 

Contract Version Date: 3/6/26