Malicious Domain Blocking and Reporting Plus Terms and Conditions

II. Definitions

A. Security Operation Center (SOC) – 24 X 7 X 365 watch and warning center that provides cybersecurity infrastructure monitoring, dissemination of cyber threat warnings and vulnerability identification and mitigation recommendations.

B. Malicious Domain Blocking and Reporting Plus (“MDBR+”):

MDBR+ provides blocking of network traffic to known harmful web domains through the use of MDBR Provider’s domain name system (DNS) server with DNS lookup for known malicious domains. The MDBR+ service includes features such as logging and blocking attempts by Entity’s network to access known malicious domains, providing real-time cloud-based management portal access, off-network device protection, enhanced reporting and visibility, and custom configuration options. CIS will provide regular reporting to Entity to include information for all blocked requests and will assist Entity in restoring a blocked domain that Entity identifies as a legitimate domain to which it needs access. MDBR+ includes use of the Secure Internet Access Enterprise (SIA) service that is licensed to CIS by a third-party provider, Akamai Technologies, Inc.

III. Selection of MDBR+

CIS hereby agrees to supply Entity with MDBR+ as set forth in an Order. Additional services may be ordered by Entity during the Term. The Service Start Date of subsequent Orders for MDBR+ shall be the date of the approved Order but shall terminate as of the end of the applicable Term. Additional services may also be ordered from CIS by Entity by separate agreement with CIS.

IV. Term of this Agreement

This Agreement will commence on the date it is signed by both Parties (the “Effective Date”), and shall continue in full force and effect for the period specified in the Order (the “Term”).

V. Responsibilities of the Parties

A. Entity Responsibilities. Entity agrees that it will configure its network to enable Akamai’s DNS service to be used by Entity’s network. Entity agrees to provide an accurate accounting of Named User accounts and will be responsible for managing user accounts on Akamai’s Portal. Entity agrees to be solely responsible for any actions that may result from the creation of customized acceptable usage policies and the creation of allow/deny lists. Entity will be required to allow and block domains itself as a condition to utilizing MDBR+. If Entity determines that it no longer wishes to allow and block domains itself, it shall be required to submit a termination of custom allow\deny list ticket to CIS. Entity acknowledges that upon its termination of custom allow and block domains from MDBR+, domain permissions will revert to default settings, and it will need to submit tickets to CIS in order to allow and block domains in their tenant level list.

Entity acknowledges and agrees that reporting and associated data provided by Akamai will be shared with CIS for the purpose of allowing CIS to evaluate the value and effectiveness of the service. The information provided to CIS shall be treated by CIS in accordance with the terms of section XI herein.

B. CIS Responsibilities. CIS will enable an account with Akamai, which will provide Entity with MDBR+ services during the Term. CIS will receive reporting and associated data provided through the MDBR+ Service and shall provide Entity or Entity Facility with regular reporting on blocked requests and analysis, including remediation recommendations as appropriate. CIS will provide support via the SOC and other CIS support teams.

VI. Payment Terms

A. Initial MDBR+ Purchase. In consideration for receipt of MDBR+, Entity agrees to purchase the specified MDBR+ at the purchase price set forth in the Order in US Dollars (USD), which shall be due and payable within thirty (30) days of the Effective Date. Payment may be made by: (i) EFT transfer; (ii) check made payable to Center for Internet Security and mailed to CIS Accounts Receivable, 31 Tech Valley Drive, East Greenbush, NY 12061; or (iii) credit card transaction according to the instructions provided to Entity by CIS. The amount of the purchase price to be paid by Entity to CIS pursuant to this section shall not be reduced by any amount of any taxes or fees to be collected by a taxing jurisdiction, financial institution or payment processor incidental to the payment to CIS.

B. Purchase of MDBR+ for Subsequent Terms. At least sixty (60) days prior to the expiration of any Term of this Agreement. CIS will provide Entity an Order setting forth pricing for a subsequent Term. Payment for MDBR+ for a subsequent Term shall be due to CIS no later than the last day of the then-current Term, using any of the methods described in Section VI(A) above. In the event that such payment is not made prior to the end of the applicable Term, this Agreement shall not be renewed for a subsequent Term.

II. Title

The MDBR+ services include use of software that is licensed to CIS by a third-party provider, Akamai Technologies. (“Akamai”). All title and ownership rights of the software shall remain with Akamai.

Entity shall own all right, title and interest in its data that is provided to CIS pursuant to this Agreement. Entity hereby grants CIS a non-exclusive, non-transferable license to access and use such data as is necessary to provide the MDBR+ services specified in this Agreement.

VIII. Warranty

A. Warranty. CIS warrants to Entity during the applicable Term that: (i) the MDBR+ Services operate without Error; and (ii) industry standard techniques have been used to prevent the MDBR+ services at the time of installation from injecting malicious software viruses into Entity’s network covered by this Agreement. Entity must notify CIS of any warranty claim during the Term. Entity’s sole and exclusive remedy and the entire liability of CIS for its breach of this warranty will be for CIS, at its own expense, to do at least one of the following: (a) use commercially reasonable efforts to provide a work-around or correct such Error; or (b) terminate This Agreement and Entity’s access to and use of MDBR+ and refund the prepaid fee prorated for the unused period of the Term. CIS shall have no obligation regarding Errors reported after the applicable Term.

B. Exclusions. The express warranties do not apply if the MDBR+ (i) has been modified, except by CIS or Akamai, or (ii) has not been installed, used, or maintained in accordance with this Agreement or any applicable documentation.

C. Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION VIII, CIS MAKES NO OTHER WARRANTIES RELATING TO THE MDBR+, EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, FITNESS FOR A PARTICULAR PURPOSE, OR MERCHANTABILITY.

ENTITY ACKNOWLEDGES, UNDERSTANDS AND AGREES THAT CIS DOES NOT GUARANTEE OR WARRANT THAT USE OF MDBR+ WILL FIND, LOCATE OR DISCOVER ALL SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND WILL NOT HOLD CIS RESPONSIBLE THEREFOR. ENTITY AGREES NOT TO REPRESENT TO ANY THIRD PARTY THAT CIS HAS PROVIDED SUCH GUARANTEE OR WARRANTY.

IX. Amendments to this Agreement

This Agreement may only be amended as agreed to in writing by both Parties.

X. No Third-Party Rights

Nothing in this Agreement shall create or give to third parties any claim or right of action of any nature against Entity or CIS.

XI. Confidentiality Obligation

CIS acknowledges that information regarding the infrastructure and security of Entity’s information systems, assessments and plans that relate specifically and uniquely to the vulnerability of customer information systems, Personal Data (as defined herein below), specific vulnerabilities identified as part of the MDBR+ services or information otherwise marked as confidential by Entity (“Confidential Information”) may be provided by Entity to CIS in connection with the services provided under this Agreement. The Entity acknowledges that it may receive from CIS trade secrets and confidential and proprietary information (“Confidential Information”). Both Parties agree to hold each other’s Confidential Information in confidence to the same extent and the same manner as each party protects its own confidential information, but in no event will less than reasonable care be provided and a party’s information will not be released in any identifiable form without the express written permission of such party or as required pursuant to lawfully authorized subpoena or similar compulsive directive or is required to be disclosed by law, provided that the Entity shall be required to make reasonable efforts, consistent with applicable law, to limit the scope and nature of such required disclosure. CIS further agrees that any third party involved in providing MDBR+ services shall be required to protect Entity’s Confidential Information to the same extent as required under this Agreement. CIS shall, however, be permitted to disclose relevant aspects of such Confidential Information to its officers, employees, agents and CIS’s cyber security partners, including federal partners, provided that such partners have agreed to protect the Confidential Information to the same extent as required under this Agreement. The Parties agree to use all reasonable steps to ensure that Confidential Information received under this Agreement is not disclosed in violation of this Section XI. These confidentiality obligations shall survive the termination of this Agreement.

XII. Notices

A. All notices permitted or required hereunder shall be in writing and shall be transmitted either:

1. via certified or registered United States mail, return receipt requested;
2. by personal delivery;
3. by expedited delivery service; or
4. by e-mail with acknowledgement of receipt of the notice.

Such notices shall be addressed as follows or to such different addresses as the Parties may from time-to-time designate:

CIS
Address: CIS Services
Center for Internet Security, Inc.
31 Tech Valley Drive
East Greenbush, NY 12061-4134
Telephone: (518) 880-0766
E-Mail: [email protected]
with cc to: [email protected]

Entity Shall provide contact information to CIS.

B. Any such notice shall be deemed to have been given either at the time of personal delivery or, in the case of expedited delivery service or certified or registered United States mail, as of the date of first attempted delivery at the address and in the manner provided herein, or in the case of facsimile transmission or email, upon receipt.

C. The Parties may, from time to time, specify any new or different contact information as their address for purpose of receiving notice under this Agreement by giving fifteen (15) days written notice to the other Party sent in accordance herewith. The Parties agree to mutually designate individuals as their respective representatives for the purposes of receiving notices under this Agreement. Additional individuals may be designated in writing by the Parties for purposes of implementation and administration, resolving issues and problems and/or for dispute resolution.

XIII. Governing Law and Jurisdiction

Unless otherwise specifically prohibited by the laws of Customer’s jurisdiction, any disputes arising in connection with this Agreement shall be governed and interpreted by the laws of the State of New York without regard to its conflict of law provisions. In the event that the laws of Customer’s jurisdiction require that the laws of that jurisdiction apply to all contracts entered into by Customer, then the laws of that jurisdiction shall apply.

XIV. Non-Waiver

None of the provisions of this Agreement shall be considered waived by either Party unless such waiver is given in writing by the other Party. No such waiver shall be a waiver or any past or future default, breach or modification of any of the terms, provision, conditions or covenants of the Agreement unless expressly set forth in such waiver.

XV. Entire Agreement; Counterparts; Amendments

This Agreement and any appendices attached hereto constitute the entire understanding and agreement between the Parties with respect to the subject matter hereof and replace and supersede all prior understandings, communications, agreements or arrangements between the parties with respect to this subject matter, whether oral or written. This Agreement may be executed in separate counterparts each signed by a Party and such counterparts deemed an executed whole with the full force and effect. Signatures may be exchanged by email or electronic signature and such signatures will be deemed original. This Agreement may only be amended as agreed to in writing by both Parties.

Unless otherwise specifically prohibited by the laws of Customer’s jurisdiction, for the avoidance of doubt, and whether or not CIS is deemed under applicable law to have accepted an offer by Customer, CIS objects to and rejects all additional and/or inconsistent terms contained in a Purchase Order (PO) or other similar document submitted by Customer to CIS, incidental to the purchase described herein. Any such terms which are not specifically addressed or referenced in this Agreement are hereby rejected and not agreed to nor consented to by CIS, absent express written acceptance.

XVI. Partial Invalidity

If any provision of this Agreement be adjudged by a court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable.

XVII. Order of Precedence

Unless otherwise specifically prohibited by the laws of Customer’s jurisdiction or as otherwise agreed to between the Parties, in the event of a conflict between the terms of this Agreement and any other document executed between the Parties, the following order of precedence shall apply: (1) The terms contained in this Agreement; (2) An Order or Invoice provided by CIS to Customer; and (3) Any other document executed and/or agreed to in writing between the Parties.

 

Contract Version Date: 01/24/2023