Terms Of Use

This License Agreement sets forth the terms and conditions governing use of the Controls Self-Assessment Tool (as further described below, the "Tool") owned and delivered by Center for Internet Security, Inc. ("CIS"). By accessing or using the Tool, Licensee agrees to be bound by this Agreement. If Licensee does not agree to this Agreement, Licensee is not allowed to access or use the Tool.

1. Definitions

Agreement shall mean this document.

CIS Controls shall mean the CIS Critical Security Controls, v. 7.0 and later. Use of CIS Controls is subject to Creative Commons Attribution-Non Commercial-No Derivatives 4.0 International Public License (the link can be found at https://creativecommons.org/licenses/bync-nd/4.0/legalcode ).

Confidential Information shall mean any and all information provided by Licensee in connection with the use of the Tool. Confidential information shall include, without limitation, the Tool, the information provided by Licensee in registering or using the Tool, including, without limitation, any documents uploaded by Licensee to the Tool.

Delivery Date shall mean the date Licensee first registers to access the Tool.

License shall mean the right to use the Tool granted to Licensee by CIS through this Agreement.

Licensee shall mean you, or in the case of an organization, your organization as an entity and its employees accessing and using the Tool.

Tool shall mean the Controls Self-Assessment Tool, a web-based tool that allows Licensee to assess and document the status of their cybersecurity posture against the CIS Controls.

2. Ownership and Copyright.

The Tool is the property of CIS, and is protected by copyright law as well as other statutory and nonstatutory intellectual property law. CIS product names are owned by CIS and are protected under trademark law. All title and copyrights in and to Tool, trademarks and the accompanying materials and rights are and shall remain owned fully and solely by CIS. Through this Agreement, Tool is licensed, not sold. The ownership of the data entered into the Tool by Licensee is the property of the Licensee.

3. Grant of License.

Subject to the terms and conditions of this Agreement, CIS grants Licensee a non-exclusive, perpetual non-assignable worldwide right to use of the Tool for the purpose of assessing and documenting Licensee’s cybersecurity posture against the CIS Controls. The License is registered in Licensee's name, commences on the Delivery Date and is effective until terminated in accordance with the terms and conditions set forth in this Agreement. Licensee undertakes not to use Tool as part of any offerings comprising functionality that is substantially similar to that of Tool or any other products that CIS is offering, during the term of this Agreement, and for a period of three (3) years after termination. CIS reserves all rights not expressly granted to Licensee in this Agreement. Without limiting the generality of the foregoing, Licensee acknowledges and agrees that: (a) except as specifically set forth in this Agreement, CIS retains all right, title and interest in and to Tool, and Licensee does not acquire any right, title or interest to Tool except as set forth herein; (b) any configuration or deployment of Tool shall not affect or diminish CIS’s rights, title or interest in and to Tool. Licensee further acknowledges and agrees that the Tool incorporates the provisions of the CIS Controls, and that use of the Tool and the contents are subject to the license applicable to CIS Controls. Except as stated in the foregoing subsection, nothing in this Agreement shall limit in any way CIS’s right to develop, use, license, create derivative works of, or otherwise exploit Tool, or to permit third parties to do so. Licensee shall not modify, delete or obscure any notices of proprietary rights or any Tool identification or restrictions on or in Tool found in the license-header of the code files of Tool. Licensee undertakes not to brand Tool as Licensee’s own or declare or give the impression that Licensee owns the copyright in Tool. Licensee may use CIS name in its marketing, promotion and website, as is reasonably necessary for the limited purpose of describing the Tool and Licensee’s use of the Tool. Licensee agrees to conduct its business with the highest standards and will do nothing to injure CIS’s reputation.

4. Warranties and Representation

4.1 Scope. CIS's warranties and representations in this section are limited to Tool provided to Licensee under this Agreement.

4.2 CIS's warranties and representations. CIS warrants and represents that: for a period of ninety (90) days following Delivery Date of Tool, Tool will perform substantially in accordance with CIS’s written specifications, provided that it has been used in accordance with these terms of service and any instructions provided with the Tool; CIS will perform its obligations under this Agreement in accordance with all applicable laws and regulations; CIS has the full and unconditional ownership of Tool, this Agreement does not infringe intellectual property rights of any third party; The Tool does not include any third party tool or software; Licensee may make full use of License granted to it in full knowledge of the above; CIS has the requisite knowledge, personnel, resources and know-how to deliver Tool as contemplated by this Agreement in a professional manner; and CIS has not intentionally placed, and will use its best efforts to avoid the placement of any Harmful Codes into Tool provided under this Agreement. For the purpose of this section 4.2 "Harmful Codes" is defined as any program that infects, damages and/or impairs another program or data, disables hardware or Tool, or permits or assists in the breach of data.

In the event of breach, or alleged breach of any of the warranties in this section, Licensee’s sole remedy in such an event shall be that CIS shall re-supply or correct the Tool so that it operates according to the warranties set out in this section. The warranties shall not apply if Licensee has modified, or used Tool improperly.

5. Limitation of Liability.

The Tool is provided by CIS ‘as is’ and may have errors and omissions. Thus remedies are only available to Licensee in the event of any breach of the warranties set out in section 4. UNDER NO CIRCUMSTANCES, AND EVEN IF INFORMED THEREOF BY LICENSEE OR ANY OTHER PARTY, SHALL CIS BE LIABLE FOR (i) LOSS OF, OR DAMAGE TO, DATA; (ii) SPECIAL, INCIDENTAL, CONSEQUENTIAL OR INDIRECT DAMAGES; OR (iii) LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS.

6. Intellectual Property Infringement.

CIS will defend, indemnify and hold Licensee harmless against any claim stating that Tool is violating any Third Party copyright provided that Licensee promptly notifies CIS of the claim, such notice to be provided no later than ten (10) business days after receipt of said claim(s). A hardcopy of the notices of copyright infringement is sent to: CIS, 31 Tech Valley Drive, East Greenbush, NY 12061, Attention: Chief Counsel. Licensee shall in good faith make commercially reasonable efforts to stop any claim made against Licensee by any third party related to the Tool, Notwithstanding anything to the contrary herein, CIS shall have sole control of the defense and any related settlement negotiations in the case of legal proceedings., Licensee agrees to timely provide CIS with all necessary assistance, information and authority to perform the above. If Tool is held by a final court ruling to be infringing any third party intellectual property rights, CIS will at its option: (i) obtain the right for Licensee to continue to use Tool consistent with this Agreement; (ii) modify Tool so that it is non-infringing; or solely in the event that (i) and (ii) are not feasible, terminate this Agreement.

7. Confidentiality.

For the purpose of this section each Party shall be called Disclosing Party and Receiving Party respectively. Each Party acknowledges that Confidential Information is proprietary, that it is valuable to Disclosing Party and that any disclosure or unauthorized use thereof may cause irreparable harm and loss to Disclosing Party. Confidential Information shall not include information that (i) is generally known to the public at the time of disclosure; (ii) is legally received by Receiving Party from a Third Party, which Third Party is in rightful possession of Confidential Information, (iii) becomes generally known to the public subsequent to the time of such disclosure, but not as a result of disclosure by Receiving Party, or (iv) prior to signing of this Agreement, is already in the possession of Receiving Party. Obligations of receiving Party in regards to Confidential Information: In consideration of the disclosure to Receiving Party of Confidential Information, Receiving Party agrees to receive and to treat Confidential Information on a confidential and restricted basis and to undertake the following additional obligations with respect thereto: to use Confidential Information for the sole purpose of fulfilling this Agreement unless otherwise expressly agreed to in writing by Parties; not to duplicate, in whole or in part, any Confidential Information; not to disclose Confidential Information to its members, officers, employees, Affiliates, counsel or consultants except on a need-to-know basis, and each such person Receiving Confidential Information shall be notified of and required to abide by the terms and conditions of this Agreement; not to disclose Confidential Information to any Third Party entity or individual, corporation, partnership, sole proprietorship, customer, advisor or client without the prior express written consent of Disclosing Party. This confidentiality section shall survive any termination of the Agreement however occasioned.

8. Data Privacy.

The information entered by Licensee into the Tool will be stored on an account held by CIS in AWS’s US East region. The storage of the data is subject to AWS’s terms of services, which can be found here: https://aws.amazon.com/service-terms/ . By agreeing to this License Agreement and accessing the Tool, Licensee agrees to be bound by the terms of service from AWS.

CIS will have access to Licensee’s data in the AWS US East region and by accepting this License Agreement and using and accessing the Tool, Licensee agrees to allow CIS to use Licensee’s data entered into the Tool for the following purposes: (1) to deliver the Tool’s service; (2) to ensure that the Tool is working as intended and to make improvements to the Tool and the CIS Controls; (3) to identify and offer additional tools and services related to cybersecurity.

9. Term and Termination.

Either Party may terminate this Agreement in the event of a material breach of this Agreement by the other Party by providing the other Party with written notice and an opportunity of ten (10) business days to cure such breach. On termination of this Agreement: 1. Sections 2, 5, 7, 8 and 14 shall survive; 2.. Licensee shall immediately cease use and distribution of Tool; and 3.. each Party must remove, delete or otherwise destroy any of other Party‘s material that it has received, copied or otherwise obtained, including but not limited to Confidential Information, except for information required to support any license, sublicense or maintenance obligations already granted or undertaken by Licensee towards any Third Party. A written confirmation that such deletion has been completed shall be sent to the other Party without undue delay.

10. Relationship Between Parties.

Parties are independent contractors, and this Agreement will not be construed as constituting either Party as partner, joint venture, agency or fiduciary of the other, as creating any other form of legal association that would impose liability on one Party for the act, or failure to act, of the other, or as providing either Party with the right, power, or authority (express, or implied) to create any duty or obligation of the other. Neither Party shall directly or indirectly represent to the public that it has the right or the authority to create or accept obligations on behalf of the other Party. Except as otherwise expressly provided in this Agreement, each Party has the sole right and obligation to supervise, manage, contract, direct, procure, perform or cause to be performed all work to be performed by it under this Agreement.

11. Severability.

In the event any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement will remain in full force.

12 Waiver.

The waiver by either CIS or Licensee of any default or breach of this Agreement shall not constitute a waiver of any other or subsequent default or breach. Except for actions for breach of CIS’s intellectual proprietary rights in Tool, no action, regardless of form, arising out of this Agreement may be brought by Licensee more than one (1) year after the cause of action has occurred.

13. Non-assignment.

Licensee is not allowed to assign or transfer all, or any part of its rights under this Agreement without CIS’s prior written consent. Notwithstanding the foregoing, either Party may assign this Agreement in its entirety to its Affiliate(s), or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. In such case, Licensee shall notify CIS in writing without undue delay, and unless otherwise agreed upon in writing, this Agreement shall bind, and inure to the benefit of Parties, their respective successors, and permitted assigns.

14. Applicable Law and Venue.

This Agreement shall be governed by and construed in accordance with the laws of the State of New York. Any dispute, controversy or claim arising out of or relating to this Agreement, or the breach, termination, or invalidity thereof, Parties shall seek to solve amicably through negotiations.

15. Amendments.

No amendment to, or modification of this Agreement will be binding unless made in writing and signed by Parties. Parties agree that any additional or different terms in any other document or arrangement not forming part of this Agreement, including any letter or terms of engagement or the like, purchase order, invoice, acknowledgment, delivery receipt, confirmation or other delivery or acceptance document issued by or on behalf of CIS, or by or on behalf of Licensee at the request of CIS, shall be void, and of no force or effect if in breach with this Agreement.

16. Entire Agreement.

This Agreement, is the entire agreement between CIS and Licensee relating to this relationship and supersedes all prior or contemporaneous oral or written communications, proposals and representations relating to that relationship.

17. Notices.

All notices to be given under this Agreement to CIS shall be sent to contracts@cisecurity.org. Information from CIS to Licensee shall be sent by email to the email address Licensee has provided upon purchase. It is Licensee’s responsibility to ensure that the e-mail address is correct. CIS does not take responsibility for lost communication. All notices, demands or other communication given by a party to the other shall be deemed to have been duly given when made in writing and sent to the registered e-mail address.