End User License Agreement

This End User License Agreement, including the Member Agreement, Affiliate Agreement, CERES Forum Agreement, Managed Security Services Provider Agreement, FS-ISAC Operating Rules and CERES Forum Operating Rules which by this reference are incorporated herein (this "Agreement"), is a binding agreement between FS-ISAC and the entity identified on the Application Form (defined below) as the licensee of the FS-ISAC Intelligence Exchange ("Licensee"). This Agreement is subject to the terms and conditions contained in the FS-ISAC Terms.

FS-ISAC PROVIDES THE FS-ISAC INTELLIGENCE EXCHANGE SOLELY ON THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT AND ON THE CONDITION THAT LICENSEE ACCEPTS AND COMPLIES WITH THEM. AT ACCEPTANCE OF MEMBERSHIP, SUBSCRIBERSHIP OR PARTICIPATION YOU (A) ACCEPT THIS AGREEMENT AND AGREE THAT LICENSEE IS LEGALLY BOUND BY ITS TERMS; AND (B) REPRESENT AND WARRANT THAT: (I) YOU ARE OF LEGAL AGE TO ENTER INTO A BINDING AGREEMENT; AND (II) IF LICENSEE IS A CORPORATION, GOVERNMENTAL ORGANIZATION, OR OTHER LEGAL ENTITY, YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF LICENSEE AND BIND LICENSEE TO ITS TERMS. IF LICENSEE DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, FS-ISAC WILL NOT AND DOES NOT LICENSE THE FS-ISAC INTELLIGENCE EXCHANGE TO LICENSEE AND YOU MUST NOT USE THE FS-ISAC INTELLIGENCE EXCHANGE, CERES FORUM PORTAL OR DOCUMENTATION.

NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT OR LICENSEE'S ACCEPTANCE OF THE TERMS AND CONDITIONS OF THIS AGREEMENT, NO LICENSE IS GRANTED (WHETHER EXPRESSLY, BY IMPLICATION, OR OTHERWISE) UNDER THIS AGREEMENT, AND THIS AGREEMENT EXPRESSLY EXCLUDES ANY RIGHT, CONCERNING ANY FS-ISAC INTELLIGENCE EXCHANGE OR CERES FORUM PORTAL THAT LICENSEE DID NOT ACQUIRE LAWFULLY OR THAT IS NOT A LEGITIMATE, AUTHORIZED COPY OF FS-ISAC'S INTELLIGENCE EXCHANGE OR CERES FORUM PORTAL.

1. DEFINITIONS. For purposes of this Agreement, the following terms have the following meanings:
  • “Authorized Users” means solely those individuals authorized to use the FS-ISAC Intelligence Exchange or CERES Forum Portal pursuant to the license granted under this Agreement
  • “Documentation” means user manuals, technical manuals, and any other materials provided by FS-ISAC, in printed, electronic, or other form, that describe the installation, operation, use, or technical specifications of the FS-ISAC Intelligence Exchange or CERES Forum Portal.
  • “Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, or other intellectual property rights laws, and all similar or equivalent rights or forms of protection, in any part of the world.
  • “Licensee” has the meaning set forth in the preamble.
  • “Application Form” means the application form filled out and submitted by or on behalf of Licensee, and accepted by FS-ISAC, for Licensee’s use of the license for the FS-ISAC Intelligence Exchange or CERES Forum Portal granted under this Agreement.
  • “FS-ISAC Intelligence Exchange” and “CERES Forum Portal” means the database and information sharing tools for which Licensee is obtaining a license.
  • “FS-ISAC Scout Platform” means the FS-ISAC service intended to function as a “digital vendor directory” that allows FS-ISAC Members to search for, identify, and contact cybersecurity service vendors.
  • “Proprietary Information” has the meaning set forth in Section 10.
  • ”Third-Party” means any person other than Licensee or FS-ISAC.

2. LICENSE GRANT AND SCOPE. Subject to and conditioned upon Licensee’s strict compliance with all terms and conditions set forth in this Agreement, FS-ISAC hereby grants to Licensee a non-exclusive, non-transferable, non-sublicensable limited license during the Term to use, solely by and through its Authorized Users, the FS-ISAC Intelligence Exchange and Documentation, the CERES Forum Portal or the FS-ISAC Scout Platform, as applicable.

3. INFORMATION SHARING. FS-ISAC provides for authenticated and, when appropriate, anonymous and confidential sharing between and among Licensees. Licensees may share information associated with cyber incidents, threats, vulnerabilities, and resolutions or solutions associated with critical infrastructures and technologies.

4. TRAFFIC LIGHT PROTOCOL (TLP). All information submitted, processed, stored, archived, or disposed of in connection with the FS-ISAC Intelligence Exchange will be classified and handled using TLP, defined in accordance with Traffic Light Protocol Designations. If no marking is specified, the information shall be treated as confidential information (TLP: Amber). Information classified as Green, Yellow, or Red must be disclosed, transported, stored, transmitted, and disposed of in a safe and secure manner using controls appropriate to the level of classification. These controls include, but are not limited to, encryption, shredding, securely erasing, and degaussing of media.

5. USE RESTRICTIONS. Licensee shall not, and shall require its Authorized Users not to, directly or indirectly:  

  1. use (including make any copies of) the FS-ISAC Intelligence Exchange, the CERES Forum Portal, FS-ISAC Scout Platform, Proprietary Information, or Documentation beyond the scope of the license granted;
  2. share passwords, usernames or other login credential information provided by FS-ISAC solely to benefit Licensee;
  3. modify, translate, adapt, or otherwise create derivative works or improvements, whether or not patentable, of the FS-ISAC Intelligence Exchange, the CERES Forum Portal, FS-ISAC Scout Platform, Proprietary Information, or Documentation or any part thereof;
  4. combine the FS-ISAC Intelligence Exchange, the CERES Forum Portal, FS-ISAC Scout Platform, Proprietary Information or any part thereof with, or incorporate the FS-ISAC Intelligence Exchange, the CERES Forum Portal or any part thereof in, any other programs;
  5. reverse engineer, disassemble, decompile, decode, or otherwise attempt to derive or gain access to the source code of the FS-ISAC Intelligence Exchange, the CERES Forum Portal, FS-ISAC Scout Platform, or any part thereof;
  6. remove, delete, alter, or obscure any trademarks or any copyright, trademark, patent, or other intellectual property or proprietary rights notices provided on or with the FS-ISAC Intelligence Exchange, the CERES Forum Portal, FS-ISAC Scout Platform, Proprietary Information, or Documentation, including any copy thereof;
  7. rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available the FS-ISAC Intelligence Exchange, the CERES Forum Portal, FS-ISAC Scout Platform, Proprietary Information, or any features or functionality of the FS-ISAC Intelligence Exchange, the CERES Forum Portal or FS-ISAC Scout Platform, to any Third Party for any reason, whether or not over a network or on a hosted basis, including in connection with the internet or any web hosting, wide area network (WAN), virtual private network (VPN), virtualization, time-sharing, service bureau, FS-ISAC Intelligence Exchange or CERES Forum Portal as a service, cloud, or other technology or service; or
  8. use the FS-ISAC Intelligence Exchange, the CERES Forum Portal, FS-ISAC Scout Platform, Proprietary Information, or Documentation in violation of any law, regulation, or rule.

6. RESPONSIBILITY FOR USE OF FS-ISAC Intelligence Exchange or CERES Forum Portal. Licensee is responsible and liable for all uses of the FS-ISAC Intelligence Exchange, the CERES Forum Portal and Documentation through access thereto provided by Licensee, directly or indirectly. Specifically, and without limiting the generality of the foregoing, Licensee is responsible and liable for all actions and failures to take required actions with respect to the FS-ISAC Intelligence Exchange, the CERES Forum Portal and Documentation by its Authorized Users or by any other Person to whom Licensee or an Authorized User may provide access to or use of the FS-ISAC Intelligence Exchange, the CERES Forum Portal, and/or Documentation, whether such access or use is permitted by or in violation of this Agreement.

7. RESPONSIBILITY FOR AND ACCEPTABLE USE OF FS-ISAC Scout Platform. Licensee is responsible and liable for all uses of the FS-ISAC Scout Platform through access thereto provided by Licensee, directly or indirectly. Specifically, and without limiting the generality of the foregoing, Licensee is responsible and liable for all actions and failures to take required actions with respect to the FS-ISAC Scout Platform by its Authorized Users or by any other Person to whom Licensee or an Authorized User may provide access to or use of the FS-ISAC Scout Platform, whether such access or use is permitted by or in violation of this Agreement. Licensee shall be responsible for all reviews and content provided to the Scout Platform, and is specifically required to ensure all reviews and content: (i) are accurate, relevant, and reasonably objective, (ii) refrain from the use of any derogatory, profane, defamatory, or otherwise objectionable language or content, (iii) contain no confidential material, trade secrets, personal information, or other material that could infringe on another party’s intellectual property, and (iv) otherwise comply with all applicable laws, rules, or regulations. In their use of the FS-ISAC Scout Platform, Licensee or an Authorized User may correspond, communicate, or otherwise interact with advertisers, sponsors, or other third parties offering their goods or services through the FS-ISAC Scout Platform. Any such activity, as well as the terms, conditions, warranties or representations entered into by any Licensee or Authorized User is solely between the Licensee or Authorized User and any such third party. FS-ISAC shall have no liability, obligation or responsibility for any such correspondence, communications or interactions with, and/or any associated agreements between Licensees or Authorized Users and third parties.

8. REPORTING A SUSPECTED COMPROMISE. ANY SUSPECTED COMPROMISE OR UNAUTHORIZED USE OF ANY CREDENTIAL MUST BE IMMEDIATELY REPORTED TO FS-ISAC at admin@fsisac.com or ceresadmin@fsisac.com. ANY VIOLATION OF THE REQUIREMENTS LISTED IN THIS AGREEMENT MAY RESULT IN IMMEDIATE TERMINATION OF LICENSEE’S ACCESS TO THE FS-ISAC INTELLIGENCE EXCHANGE OR THE CERES FORUM PORTAL AND LOSS OF FEES.

9. INTELLECTUAL PROPERTY RIGHTS. Licensee acknowledges and agrees that the FS-ISAC Intelligence Exchange, the CERES Forum Portal and Documentation are provided under license, and not sold, to Licensee. Licensee does not acquire any ownership interest in the FS-ISAC Intelligence Exchange, the CERES Forum Portal or Documentation, or the FS-ISAC Scout Platform under this Agreement, or any other rights thereto, other than to use the same in accordance with the license granted and subject to all terms, conditions, and restrictions under this Agreement. FS-ISAC reserves and shall retain its entire right, title, and interest in and to the FS-ISAC Intelligence Exchange, the CERES Forum Portal or the FS-ISAC Scout Platform and all Intellectual Property Rights arising out of or relating to the FS-ISAC Intelligence Exchange, the CERES Forum Portal or the FS-ISAC Scout Platform except as expressly granted to the Licensee in this Agreement. Licensee shall use commercially reasonable efforts to safeguard the FS-ISAC Intelligence Exchange, the CERES Forum Portal or FS-ISAC Scout Platform from infringement, misappropriation, theft, misuse, or unauthorized access. Licensee shall promptly notify FS-ISAC if Licensee becomes aware of any infringement of the FS-ISAC’s Intellectual Property Rights in the FS-ISAC Intelligence Exchange, the CERES Forum Portal or FS-ISAC Scout Platform and fully cooperate with FS-ISAC in any legal action taken by FS-ISAC to enforce its Intellectual Property Rights.

10. PROPRIETARY INFORMATION. Licensee acknowledges that content in the FS-ISAC Intelligence Exchange and the CERES Forum Portal is the confidential, proprietary, and trade secret property (“Proprietary Information”) of FS-ISAC. Licensee shall not disclose, provide, or otherwise make available the Proprietary Information to any person other than Licensee’s authorized employees or agents who are under a confidentiality agreement, and Licensee shall not use the Proprietary Information other than exclusively for Licensee's internal operational purposes. Licensee shall take steps to protect the Proprietary Information no less securely than if it were Licensee's own intellectual property and proprietary information, but also at all times in conformance with Traffic Light Protocol. The provisions of this Section 10 shall survive the termination of this Agreement.

11. GOVERNING LAW. Any disputes arising out of or related to this Agreement shall be resolved in accordance with the applicable FS-ISAC Terms.

###