Terms and Conditions for CIS MDBR Services

The following terms and conditions set forth the responsibilities and terms for applicable to the provision of MDBR Services by Center for Internet Security, Inc. (CIS) to Entity.

1. Definitions

Entity – the state, local, tribal or territorial organization, including any elections entity, that is the recipient of MDBR Services, subject to the terms set forth herein. Entity must be a member of the Multi-State Information Sharing & Analysis Center (MS-ISAC), the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC), or both in order to receive MDBR Services.

MDBR Provider – Akamai Technologies, whose Enterprise Threat Protector (ETP) service will be incorporated into the MDBR Services through license with CIS.

MDBR Services – Proactive blocking of network traffic to known harmful web domains through the use of MDBR Provider’s domain name system (DNS) server with DNS lookup for known malicious domains. MDBR Services will log and block attempts by Entity’s network to access known malicious domains. CIS will provide regular reporting to Entity to include information for all blocked requests and will assist Entity with remediation as needed.

2. Consideration

Pursuant to a funding agreement with the federal Cybersecurity and Infrastructure Security Agency with the federal government, CIS is providing MDBR Services at no charge to Entity.

3. Responsibilities of the Parties

a. Responsibilities of Entity

i. Entity agrees that it will configure its network to enable the Provider’s DNS service to be used by their network and shall maintain that configuration while receiving MDBR Services.

ii. Entity agrees that it will provide contact information for appropriate points of contact, including a technical point of contact, and will promptly notify CIS in the event that such point of contact information changes.

b. Responsibilities of CIS

i. CIS will enable an account with the MDBR Provider to enable Entity to receive MDBR Services.

ii. CIS, will receive reporting and associated data provided through the MDBR Services and shall provide Entity with regular reporting on blocked requests and analysis, including remediation recommendations as appropriate.

iii. In the event that Entity requests it, CIS shall provide remediation assistance related to malicious domain activity identified in the MDBR Services.

4. Information Sharing

The Entity shall own all right, title and interest in its data that is provided to the MDBR Provider and CIS as part of the MDBR Services. Entity acknowledges and agrees that DNS request information generated by the Entity will be shared with the MDBR Provider and CIS for the purpose of allowing CIS to perform the MDBR Services. The information provided to CIS as part of the MDBR Services shall be categorized as TLP RED information of Entity, in accordance with the terms of the US CERT Traffic Light Protocol and shall be subject to the information sharing and handling restrictions for TLP RED information.

5. Term/Termination

These terms shall take effect as of the dated accepted by Entity, and shall continue in full force and effect for a period ending on September 23, 2023 (the “Term”), unless otherwise earlier terminated by either party or is extended by agreement of the parties. Entity may terminate the MDBR Services at any time during the Term by providing ten (10) days’ prior written notice to CIS.

The ability and obligation of CIS to provide these MDBR Services to the Entity is, at all times, contingent on the availability and allocation of federal funds for this purpose.

6. No Third Party Rights

Nothing in this Agreement shall create or give to third parties any claim or right of action of any nature against Entity or CIS.

7. Disclaimer

Parties disclaim all express and implied warranties with regard to the MDBR Services provided for herein, and neither party assumes any responsibility or liability for the accuracy of the information provided as part of the MDBR Services or pursuant to these terms, or for any act or omission or other performance related to the MDBR Services, including any act or omission by MDBR Provider or other contractors or subcontractors of CIS.


Contract Version Date: 03/28/22