OMB No. 1640-New
Expires: TBD
DHS PREDICT Memorandum of Agreement between PREDICT Coordinating
Center and Data Host Form
Cover Sheet
1. Department Name: Department of Homeland Security
2. Component/Agency Name: Science and Technology Directorate
3. OMB Control Number: 1640-New
4. Expiration Date: TBD (Three years from approval date)
5. Agency Form Number:
6. Name of Form: Memorandum of Agreement (MoA) between PREDICT
Coordinating Center (PCC) and Data Host
7. Purpose of Form: The MoA is required for all applications to be a data host.
The MoA defines the roles of the Data Host and the PCC.
8. How to submit: Sign and fax to the PREDICT Coordinating Center, RTI
International, Attn: Renee Karlsen, 866.835.0255 (toll free).
COVER LETTER
MEMORANDUM OF AGREEMENT
Thank you for your interest in joining the PREDICT community. In order for your application to be
considered you must execute the attached Memorandum of Agreement. The memo must be received
before your application can be considered.
Directions:
1. Print out the MOA.
2. Fill in appropriate names.
3. Complete all Attachments as they pertain to your application.
4. Complete the Contact Information form below with the requested information for the person who
is signing this document.
5. Sign and fax to the PREDICT Coordinating Center, RTI International, Attn: Renee Karlsen, at
866.835.0255 (toll free). An executed copy will be returned to you for your files.
Questions regarding your application may be directed to the PCC via email: [email protected]
Contact Information
Name
Title
Organization
Address
City
State
Zip
Email
Phone
Fax
An agency may not conduct or sponsor an information collection and a person is not required to respond to this information
collection unless it displays a current valid OMB control number and an expiration date. The control number for this
collection is 1640-XXXX and this form will expire on XX/XX/XXXX. The estimated average time to complete this form is
45 minutes per respondent. If you have any comments regarding the burden estimate you can write to Department of
Homeland Security, Science and Technology Directorate, Washington, DC 20528.
DHS Form 10037 (12/07)
Rev. 12-16-05
MEMORANDUM OF AGREEMENT
PCC AND DATA HOST
This Memorandum of Agreement (Agreement or MOA) is between __________________________ (Data Host)
and the RTI International PREDICT Coordinating Center (PCC), (together the Parties). PCC supports the
Protected Repository for the Defense of Infrastructure against Cyber Threats (PREDICT) project sponsored by the
United States Department of Homeland Security (DHS). The PCC facilitates the data flow between PREDICT
participants, processes applications from Researchers/Users for access to Data and publication of research results,
develops metadata catalogs, and develops protocols (which are subject to DHS approval) to protect the
confidentiality and integrity of data and direct its proper usage.
It is anticipated that the following eight types of organizations will participate (Participants) in project PREDICT:
Department of Homeland Security (DHS)
PCC
Data Providers
Researchers/Users
Data Hosts
Sponsoring Institutions
Application Review Board (ARB)
Publication Review Board (PRB)
The definitions of terms used herein and Participants’ roles are as follows:
Data is the information described in Attachment A that is owned or controlled by the Data Provider and made
available to the PREDICT project via a Data Host.
Metadata, as described in Attachment A, is information about the Data (but not the Data itself) which Data
Provider and/or Data Host agree to disclose to the PCC and to permit the PCC to compile in a catalog with other
Metadata which is accessible by Data Providers and Data Hosts via the PREDICT portal, and which PCC may
further disclose to approved Researchers/Users in a manner consistent with the terms of this Agreement. The
PCC agrees to receive the Metadata, enter the Metadata in the PREDICT data catalog, and facilitate the release of
the Metadata to Researchers/Users in accordance with the terms of this Agreement.
DHS will provide funding to the PCC and the Data Hosts for the PREDICT project via separate agreements
entered into individually between DHS and the PCC, and DHS and Data Hosts.
PCC will receive and catalog Metadata about the Data and make the Metadata catalog available to approved
Researchers/Users, subject to the terms and conditions in Attachment B. PCC does not store, maintain, or have
access to any of the Data.
Data Provider shall mean an entity that provides Data that it owns or has a right to control and disclose to the
PREDICT project via a Data Host, subject to the terms and conditions of this Agreement. A Data Provider may
select a Data Host to receive and host the Data or it may host its own Data, in which case it shall also be deemed a
Data Host and enter into a “Memorandum of Agreement” between PCC and Data Host. If Data Provider selects a
third party Data Host to store its Data, Data Provider will provide Data to a Data Host who will host the Data for
the benefit of the PREDICT project, subject to terms and conditions in Attachment B. A Data Provider must enter
into a Data Provider “Memorandum of Agreement” with PCC.
Data Host shall mean an entity that provides computing infrastructure to store Data received from one or more
Data Providers, and provides Researchers/Users access to Data when the Researcher/User’s application requesting
Data has been approved by the Application Review Board. Data Host may also host its own Data. If Data Host
hosts its own Data, it shall also enter into a Data Provider “Memorandum of Agreement” with PCC.
Researcher/User shall mean a person or entity that is a member of the cyber defense research and development
community and who completes an official PCC application requesting Data from PREDICT for use in research
and is approved by the ARB for access to Data. A Researcher/User which is an entity shall complete the
application for itself, identifying an individual employed by the entity to serve as the Data Custodian. An
individual Researcher/User must be affiliated with and obtain a letter of support from a Sponsoring Institution as
part of his/her PCC application for Data.
Data Custodian shall mean the person with primary responsibility for the receipt, security, oversight, use, and
return of Data on behalf of the Researcher/User. An approved individual Researcher/User shall be deemed the
Data Custodian for his/her application.
Sponsoring Institutions shall mean an organization that is affiliated with or otherwise sponsors a Researcher/User
and validates his or her research and need for Data, and which agrees to notify PCC in the event of a change in the
sponsored Researcher/User’s affiliation with the Sponsoring Institution.
Application Review Board (“ARB”) shall mean an entity that reviews and approves or rejects applications for
requested Data or Metadata and forwards approved applications to Data Hosts for delivery of Data, and to PCC to
enable access to Metadata. The composition of the ARB is described below.
Publication Review Board (“PRB”) shall mean an entity that reviews and comments upon applications from
Researchers/Users or Sponsoring Institutions to publish or otherwise release any study results or other
information relating to Data or Metadata received through PCC. The PRB is empowered to reject applications to
publish should the proposed publication violate the terms associated with the Data, including attribution of the
source of the Data, or applicable laws and regulations governing release of Data, and the proposed author or
publisher refuses to amend the publication to comply with the terms, laws, or regulations. The composition of the
PRB is described below.
Data Host Obligations
1. Data Host shall accept Data from Data Provider(s) for release to approved Researchers/Users subject to the
terms and conditions for access and use as set forth in Attachment B.
2. Data Host will provide terms and conditions for receipt, handling, storage, and distribution of the Data as
agreed with particular Data Providers, as Data Host deems necessary to accomplish efficient and secure access to
Data as required under the PREDICT project. These terms and conditions shall be set forth in Attachment B.
3. Data Host will provide the PCC with Metadata on the Data it agrees to make available. See Attachment A for
a description of the information to be provided. The Metadata will be catalogued and available to persons with an
approved PREDICT account with the PCC, including Data Providers, Data Hosts, and approved
Researchers/Users. Data Host will NOT provide access to any Data to any Researchers/Users other than those
approved by the PCC, and then only under the terms for access as set forth in Attachment B. The PCC shall have
no liability to Data Host for the release of any Data to Researchers/Users or other third parties described in this
provision.
4. Data Host acknowledges that the PCC may compile the Metadata it receives from Data Provider with other
Metadata PCC receives from other Data Providers or Data Hosts into an evolving Metadata file, which may then
be released to other approved Researchers/Users. Data access approval given to a Researcher/User in any
application will permit access to the requested Data and to PREDICT Metadata by that Researcher/User,
regardless of approval or denial of access to that Researcher/User in any other application.
5. Data Host acknowledges that this is a research effort and that the Data it provides will be shared and used for
research purposes. Data Host is responsible for ensuring that any Data it releases complies with this Agreement
and any agreements it may have with third parties, and is consistent with Data Host’s own privacy, security, or
other policies and procedures applicable to the Data. The terms and conditions of this Article are for the primary
benefit of PCC and Data Host; however, a violation by Data Host of these obligations may create harm to
Researcher/Users of the Data to which access has been granted. Those Parties are therefore deemed, to the extent
permitted by law, third party beneficiaries under this Agreement for only those purposes and Data Host hereby
acknowledges the third party beneficiary rights, to the extent permitted by law, of such Researcher/Users for
whom access to Data provided by Data Host is granted under the PREDICT project.
6. The Data Host will have a representative on both the Application Review Board (ARB) and the Publication
Review Board (PRB). Each Board will consist of at least five representatives, with representation as follows:
ARB: One representative from each of the (1) PCC; (2) DHS; (3) Data Provider; (4) Data Host; and (5) Ad-hoc
representative from the Cyber-defense research community, chosen by DHS and the PCC. The Data
Provider representative shall have absolute veto power over any application for access to its Data.
PRB: One representative from each of the (1) PCC; (2) DHS; (3) Data Provider; (4) Data Host; and (5) Ad-hoc
representative from the Cyber-defense research community, chosen by DHS and the PCC.
7. To the extent permitted by law, Data Host shall indemnify, defend, and hold harmless RTI and PCC and its or
their employees, officers, directors, or agents (“Indemnified Parties”) from any loss, damage, liability, claims,
costs, demands, suits, or judgments, including reasonable attorney’s fees and the assumption of the defense and its
costs, as a result of any damage or injury (including death) to Indemnified Parties, or injury to the property of
Indemnified Parties or for any injury (including death) to third persons or their property which is directly or
indirectly caused by the negligence or willful misconduct of Data Host, its employees, officers, or directors, in the
course of performance under this Agreement. An Indemnified Party will promptly notify Data Host of any claim
against it or a third party of which it becomes aware and that is covered by this provision and Data Host shall, to
the extent permitted by law, authorize representatives to settle or defend any such claim or suit and to represent
Indemnified Parties in such litigation; provided, an Indemnified Party may, in its sole discretion and at its
expense, provide counsel to assist counsel for Data Host. Data Host will promptly notify an Indemnified Party of
any claim against it or a third party of which it becomes aware pertaining to Data or this Agreement and Data
Host shall, to the extent permitted by law, authorize representatives to settle or defend any such claim or suit and
to represent an Indemnified Party in such litigation. An Indemnified Party may, in its sole discretion and at its
expense, provide counsel to assist counsel for Data Host, or represent said Indemnified Party. No settlement shall
be made on behalf of an Indemnified Party which admits the fault of the Indemnified Party, without that Party’s
written consent, which shall not be unreasonably withheld.
8. Data Host will host the Data itself and not subcontract with a third party to host the Data. Data Host consents
to the release of Data usage and request statistics regarding its Data or Metadata as described in Attachment B.
9. Data Host shall hold Indemnified Parties harmless from any misuse of Data or Metadata by a party other than
Indemnified Parties and shall not look to the Indemnified Parties as an agent to protect Data Host from misuses of
its Data or of PREDICT Metadata by Researchers/Users or Sponsoring Institutions, and the Indemnified Parties
do not agree to serve in that capacity.
10. Data Host shall comply with all applicable federal, state, and local laws in the receipt of Data from Data
Providers and the provision of Data and Metadata to the PCC.
PCC Obligations
1. An MOA between the PCC and Data Provider and between PCC and Data Host will be entered into before
the Data Provider provides Metadata to the PCC or transfers Data to the Data Host.
2. PCC will notify Data Hosts of
a. Applications received for access to and use of Data they are hosting.
b. Third-party disclosure (publication) review requests from Researchers/Users pertaining to the hosted
Data.
c. FOIA or other legal requests PCC receives for access to Data or other records pertaining to the hosted
Data.
3. The PCC will safeguard the Metadata catalog, taking all reasonably necessary steps to ensure that (1) the
Metadata it holds is adequately protected from unauthorized access; and (2) the Metadata it releases from its
catalog is protected in transmission from unauthorized access.
4. PCC will provide Data and Metadata request statistics on a monthly basis to DHS, Data Providers, and Data
Hosts.
Joint Obligations – Data Host and PCC
1. All transfers of Data, under the terms of this Agreement shall at all times be subject to the export control
and other applicable laws and regulations of the United States. Each party agrees that it shall not make any
disposition, by way of trans-shipment, re-export, diversion or otherwise, except as said laws and regulations may
expressly permit, of information or data furnished under this Agreement. Each Party shall comply in all respects
with U.S. statutes, regulations, and administrative requirements regarding its relationships and sharing of Data
with non-U.S. citizens or non-U.S. governmental and quasi-governmental entities, including but not limited to,
the export control regulations of the International Traffic in Arms Regulations (“ITAR”) and the Export
Administration Act (“EAA”); the anti-boycott and embargo regulations and guidelines issued under the EAA; and
the regulations of the U.S. Department of the Treasury, Office of Foreign Assets Control.
2. The relationship of PCC to Data Host under this Agreement is that of independent contractors. Personnel
retained or assigned by one Party to perform services or obligations covered by this Agreement will at all times be
considered agents or employees of the Party with whom such personnel have a contractual relationship, and not
agents or employees of the other Party.
3. Either Party may terminate this Agreement at any time, in whole or in part, by providing written notice of
termination to the other. Except as otherwise mutually agreed, termination shall be effective thirty (30) days from
receipt of the notice. Any such termination shall not affect the obligations of either Party with respect to Data or
Metadata previously shared by one Party with the other, and such obligations shall continue through the return or
destruction of all such Data or Metadata.
4. In the event of action or inaction by one Party constituting a failure to comply (default) with the provisions
of this Agreement, the non-defaulting Party may, by written notice to the defaulting Party, demand that the
defaulting Party cure such default within ten (10) business days thereof. Should the defaulting Party fail to cure
the default, the non-defaulting Party may terminate this Agreement and the Data shall be returned to the Party
from whom it originated; provided that in the event of a default by Data Host, PCC may retain Metadata
previously supplied by Data Host for the benefit of project PREDICT. Termination under this provision shall not
affect the obligations of either Party with respect to Data previously shared by one Party with the other, and such
obligations shall continue through the return or destruction of all such Data.
5. Failure of either Party to enforce any of its rights hereunder shall not constitute a waiver of such rights. If
any provision herein is, becomes, or is held invalid, illegal, or unenforceable, such provision shall be deemed
modified only to the extent necessary to conform to applicable laws so as to be valid and enforceable. If it cannot
be so amended without materially altering the intent of the Parties as indicated herein, it shall be stricken and the
remainder of this Agreement shall remain in full force and effect and be enforced and construed as if such
provision had not been included.
6. Neither this Agreement nor any interest herein may be assigned, in whole or in part, by either Party without
the prior written consent of the other Party; provided, however, that without securing such prior consent, either
Party shall have the right to assign this Agreement to any successor of such Party by way of merger or
consolidation or the acquisition of substantially all of the assets of such Party relating to the subject matter of this
Agreement; provided further, that such successor shall expressly assume all of the obligations of such Party under
this Agreement.
7. This Agreement shall remain in force for a period of one year commencing with the date of latest signature
below. Any Amendments to this Agreement, to be effective, shall be in writing and signed by an authorized
Representative of each Party.
8. Each party represents and warrants that the person signing this Agreement on its behalf has full authority to
do so.
RESEARCH TRIANGLE INSTITUTE
PREDICT Coordinating Center
Signature
Name
Title
Date

DATA HOST
Signature
Name
Title
Date
Attachment A
Description of Data
Name
Description
Description of Metadata – To Be Provided by Data Provider
Name: Description
Measurement ID: Text name. Required to be unique in combination with a provider name. Researchers can use these tags for reference purposes and acknowledgment.
Short Description: Brief description of the measurement.
Long Description: Lengthy description of the measurement.
Keywords: One or more selections from list. These will eventually hold tokens like TCP, Header, Netflow, Snort, etc.
Measurement Size: Size in bytes of the dataset.
Formats: Format(s) available for the dataset. One or more specifications from a list. These are tokens like text, CSV, Syslog, TCPheader, libpcap, etc.
Start Time: Date & time the data collection was begun.
End Time: Date & time the data collection ceased.
Ongoing Measurement: Boolean flag. Set (true) if the data collection is ongoing.
MD5 Hash: MD5 hash value as a checksum of the data set. Not shown in data catalog.
Anonymization Types: Indicates how the measurement is anonymized. One or more anonymization type specifications from a list.
Use Restrictions: Text describing provider use restrictions. Can be used in conjunction with Use Restriction Type selections.
Use Restriction Types: One or more use restriction types from a list, such as NO_EXPORT, PUBLIC, PUBLICATION_RESTRICTIONS, etc.
Approval Difficulty: An integer from 1 (one) to 5, where 5 represents the highest degree of difficulty.
Metadata Version Time: Date & time this version of the measurement metadata was defined by the Data Provider; not the date/time it was supplied or recorded.
Availability Start Time: Date & time the dataset is first available.
Availability End Time: Date & time the dataset is no longer available (when it’s scheduled to be purged).
Data Host: Identification of a single Data Host for the dataset; probably the host name.
Description of Metadata – To Be Provided by Data Host
Name: Description
Private Access Instructions: Sensitive instructions for access at the data host. Not shown in data catalog.
Public Access Instructions: Public instructions for access at the data host.
Access Types: One or more access type specifications from a list, such as items like HDD, Tape only, downloadable, etc.
Attachment B
Data Provider Terms and Conditions for Access to and Use of Data
Data Host Terms and Conditions for Access to and Use of Data
File Type | application/pdf |
File Title | Microsoft Word - PREDICT_MOA_PCC Data Host_Final_12-16-05.doc |
Author | scantor |
File Modified | 2008-04-15 |
File Created | 2007-04-11 |