Download:
pdf |
pdfOMB # 1640-0012 / Expires 12/31/2013
COVER LETTER
MEMORANDUM OF AGREEMENT – DATA HOST
Thank you for your interest in joining the PREDICT community as a DATA HOST. Questions
regarding this MOA may be directed to PREDICT Legal Counsel, PREDICT Coordinating Center, via
phone at +1 800 957 6422 or email, [email protected].
Please complete the information below and send an executed copy electronically to the PCC at [email protected] or fax it to +1 866 835 0255, Attn: Project Manager. An executed copy will be returned to
you for your files.
Contact Information For Person Signing Document
Name
Title
Organization
Address
Address 2
City
State/Province
Country
Phone
Postal Code
Email
Alt Phone
Fax
DHS Authority to Collect This Information: The Homeland Security Act of 2002 [Public Law 107‐296, §302(4)] authorizes the Science and Technology
Directorate to conduct “basic and applied research, development, demonstration, testing, and evaluation activities that are relevant to any or all elements
of the Department, through both intramural and extramural programs.” In exercising its responsibility under the Homeland Security Act, S&T is authorized
to collect information, as appropriate, to support R&D related to improving the security of the homeland. Principal Purpose: DHS collects name,
organization and title (if any), email address, home and/or work address, and telephone numbers for the purpose of contacting individuals regarding the
PREDICT project and/or their involvement with PREDICT. Routine Uses and Sharing: Some of your information will be disclosed to PREDICT team
members, such as data hosts, data providers, PREDICT contractors, the Predict Coordinating Center, the advisory board, and review board members to
help us deliver requested PREDICT services and operate the PREDICT Web site and deliver the services you have requested. Unless you consent otherwise,
this information will not be used for any purpose other than those stated above. However, DHS may release this information for an individual on a case‐
by‐case basis as described in the DHS/ALL‐002 System of Records Notice (SORN), which can be found at: www.dhs.gov/privacy. Disclosure: Furnishing this
information is entirely voluntary; however, failure to furnish at least the minimum information required to register (to include full name and email
address,) will prevent you from obtaining authorization to access system.
PRA Burden Statement: An agency may not conduct or sponsor an information collection and a person is not required to respond to this information
collection unless it displays a current valid OMB control number and an expiration date. The control number for this collection is 1640‐0012 and this form
will expire on 12/31/2013. The estimated average time to complete this form is 45 minutes per respondent. If you have any comments regarding the
burden estimate you can write to Department of Homeland Security, Science and Technology Directorate, Washington, DC 20528.
DHS Form 10037 (12/07)
Page 1 of 8
Last Updated: 9-8-11
�MEMORANDUM OF AGREEMENT
PCC AND DATA HOST
This Memorandum of Agreement (“MOA” or “Agreement”) is between the Research Triangle Institute (“RTI”), a
North Carolina corporation having offices at 3040 Cornwallis Road, Research Triangle Park, NC 27709, which
serves as the PREDICT Coordinating Center (“PCC”) and ________________________________, a _____[insert
kind of entity]___________ having offices at ___________________________________ (“Data Host”),
(collectively referred to as “the Parties” or individually as “Party”). This Agreement is effective on
________________. References throughout this document to “PCC” shall be deemed to refer to RTI.
The PCC supports the Protected Repository for the Defense of Infrastructure against Cyber Threats (“PREDICT”)
project sponsored by the United States Department of Homeland Security (“DHS”). The PCC facilitates
interaction between PREDICT participants, processes applications from Researchers for access to Data, develops
a metadata catalog, and develops policies and procedures for PREDICT operations and the use of PREDICT
datasets.
In addition to DHS, the following eight types of organizations/individuals participate in PREDICT:
Data Provider
Data Host
Researcher
PCC
Referring
Organization
External Relations
Council
Application Review
Board
Contractors and Third
Parties
This Agreement consists of: the General Terms and Conditions, Attachment A and any subsequent Attachments
B-Z, and Amendment(s) to the Agreement, if executed. The provisions of Attachment A and any and all
subsequent Attachments shall be incorporated herein and construed so as to be fully consistent with all of the
provisions of the General Terms and Conditions of this Agreement and, in the case of any conflict, the General
Terms and Conditions shall prevail unless an Amendment to this Agreement is separately executed by both
Parties and expressly amends particular provisions of the General Terms and Conditions, in which case such
Amendment shall prevail over such particular provisions of the General Terms and Conditions.
General Terms and Conditions
Data Host and the PCC agree to the following:
Data Category is the designation given to a grouping of all Data Sub-Categories of a certain type.
Data Sub-Category is the name given to distinguish a particular grouping of datasets within a Data Category that
have the same terms of use and which are described in Attachment A for the first Data Provider, Attachment B for
the second Data Provider, and so on.
Data shall mean all datasets within a Data Category and Data Sub-Category.
Metadata is descriptive information about the Data (but not the Data itself) that is inserted in the PREDICT data
catalog.
DHS shall mean the U.S. Department of Homeland Security.
PCC shall mean the Predict Coordinating Center that manages the PREDICT data catalog and operations,
processes applications for PREDICT data, and handles administrative matters. The PCC does not store, maintain,
or have access to any of the Data.
Data Provider shall mean an entity that provides Data that it owns or has a right to control and disclose to
researchers, subject to the terms and conditions in an MOA between it and the PCC.
2
Last Updated: 9-8-11
�Data Host shall mean an entity that maintains computing infrastructure to store Data received from one or more
Data Providers and provides approved Researchers access to such Data.
Principal Researcher shall mean a researcher who requests PREDICT datasets in an individual capacity and who
has been identified by a Referring Organization as someone who has a legitimate need for the data.
Referring Organization shall mean an entity that identifies a Principal Researcher as someone who is affiliated or
aligned with the Referring Organization and who has a legitimate need for PREDICT datasets.
Research Organization shall mean an organization that desires to have research conducted on its behalf and
designates individuals as Data Custodians to request and be responsible for PREDICT datasets.
Data Custodian shall mean the person designated by a Research Organization as responsible for requesting
PREDICT datasets for a research effort and ensuring that the organization’s responsibilities for the receipt,
security, oversight, and handling of the Data are met.
Researcher shall mean a Principal Researcher or Research Organization.
Application Review Board (“ARB”) shall mean an entity that reviews and approves or rejects applications for
Data from Researchers.
External Relations Council shall mean designated persons who advise and make recommendations to the PCC on
policy and issues relating to privacy and the general direction of the PREDICT project.
PREDICT Team shall consist of:
1. PREDICT Coordinating Center (PCC) personnel
2. Data Providers
3. Data Hosts
4. Referring Organizations
5. Application Review Board
6. External Relations Council
7. Contractors and third parties supporting or interacting with DHS PREDICT and/or other Cyber
Division programs
8. Department of Homeland Security.
Data Host Obligations
1. Data Host shall accept Data from the following Data Provider(s) for release to approved Researcher(s) subject
to the terms and conditions for access and use as set forth in the following Attachment(s) to this MOA:
Data Provider: _________________________________ Terms and Conditions in Attachment A
Data Provider: _________________________________ Terms and Conditions in Attachment B
And so forth, for additional Data Providers.
The term “Data Provider” shall refer herein to all Data Providers collectively. The term “Attachment(s)” shall
refer to Attachment A, B, C, and so on, collectively.
2. Data Host shall provide the Data Provider and PCC with its own terms and conditions for access to, transfer,
handling, and storage of the Data by Researchers as specified in the Attachment(s).
3
Last Updated: 9-8-11
�3. The Data Host shall ensure that its terms and conditions for access to, transfer, handling, and storage of the
Data are entered into the Metadata catalog.
4. Data Host shall provide all required data security and access control requirements to the Data, as specified by
Data Provider in the Attachment(s), and shall implement appropriate physical, technical, and administrative
safeguards and controls to maintain the required level of security and access controls. Such safeguards and
controls shall be consistent with accepted information security best practices and standards and applicable rules,
laws, and regulations. Data Host shall implement reasonable measures to periodically assess the effectiveness of
the controls and shall report any breaches or suspected breaches of the controls or Data to the PCC within 24
hours of knowledge of same.
5. Data Host shall provide approved Researchers with all required Data security and access control requirements
and shall allow Researchers access to approved Data.
6. Data Host shall notify the PCC after Researcher has accessed the Data approved by the ARB for Researcher’s
use.
7. Data Host shall NOT provide any Researcher access through the PREDICT program to any Data other than
those approved for each Researcher by the PCC, and then only under the terms for access as set forth in
Attachment(s) to this Agreement.
8. Data Host shall host the Data itself or allow a Data Host that has been approved by DHS to host the Data, and
Data Host shall not subcontract with a third party to host the Data. Data Host shall provide data access, usage and
request statistics regarding the Data it hosts and consents to the public release of such statistics.
9. Data Host shall comply with all applicable federal, state, and local laws and contractual obligations (a) in the
receipt of Data from Data Providers, and (b) in providing access to the Data by Researchers.
10. Data Host further agrees and consents that the names, organization, and contact information of Data Host
and specific Data Host personnel collected by the PCC, either via the portal or through any other means, may be
disclosed to PREDICT Team Members, to Researchers, and/or publicly posted. Data Host attests that he/she has
obtained the agreement and consent for such disclosure and public posting from all such personnel.
11. Data Host further agrees to serve on the Application Review Board if and when requested by the PCC.
12. The Terms and Conditions of this Agreement are for the primary benefit of PCC and Data Host; however, a
violation by Data Host of these obligations may create harm to Researchers of the Data to which access has been
granted. Researchers are therefore deemed, to the extent permitted by law, third party beneficiaries under this
agreement only with respect to such harm, and Data Host hereby acknowledges the third party beneficiary rights
of such Researchers for whom access to Data provided by Data Host is granted under the PREDICT project.
13. Data Host shall provide information as requested to allow the PCC to audit or confirm Data Host’s
compliance with the foregoing Obligations of this Agreement.
PCC Obligations
1. An MOA between the PCC and Data Provider and an MOA between the PCC and Data Host will be entered
into before the Data Provider transfers Data to the Data Host.
2. The PCC shall notify Data Hosts of
a. Applications approved for access to and use of Data they are hosting; and/or
b. FOIA or other legal requests that the PCC receives for access to Data or other records pertaining to the
hosted Data.
4
Last Updated: 9-8-11
�3. The PCC shall provide Data and Metadata request statistics on a monthly basis to DHS and Data Host and
may, at its discretion, make such statistics publicly available.
Joint Obligations – Data Host and PCC
1.
All transfers of Data under the terms of this Agreement shall at all times be subject to the applicable laws
and regulations of the United States. Each Party agrees that it shall not make any disposition, by way of
trans-shipment, re-export, diversion or otherwise, of Data furnished under this Agreement outside the United
States except as said laws and regulation or this Agreement may expressly permit. Each Party shall comply in all
respects with applicable U.S. statutes, regulations, and administrative requirements regarding its relationships and
sharing of Data with non-U.S. citizens or non-U.S. governmental and quasi-governmental entities, which may
include but are not necessarily limited to, the export control regulations of the International Traffic in Arms
Regulations (ITAR) and the Export Administration Act (EAA); the anti-boycott and embargo regulations and
guidelines issued under the EAA; and the regulations of the U.S. Department Of The Treasury, Office of Foreign
Assets Control.
2.
The relationship of the PCC to Data Host under this Agreement is that of independent contractors.
Personnel retained or assigned by one Party to perform services or obligations covered by this Agreement will at
all times be considered agents or employees of the Party with whom such personnel have a contractual
relationship, and not agents or employees of the other Party.
3.
(a) Either Party may terminate this Agreement at any time by providing written notice of termination to
the other. Except as otherwise mutually agreed, termination shall be effective thirty (30) days from receipt of the
notice. Unless otherwise agreed to in writing, any such termination shall not affect the obligations of either Party
with respect to Data previously provided to and in the possession of a Researcher, and such obligations shall
continue through the disposition of all such Data. No new access to Data hosted by Data Host shall be granted
after such notice has been received. In the event of termination by either Party, Data Host shall not communicate
with Researcher(s) regarding Data that it provided access to or terminate Researcher(s)’ access to the Data during
this thirty-day notice period. After PCC has communicated with the Researcher(s) impacted and provided
instructions with respect to future hosting of the Data or termination of use of the Data, Data Host shall cooperate
with the PCC and/or new data host as necessary to efficiently transfer the Data to the new data host. If there is no
transfer of the Data to a new data host, the Data Host shall follow PCC’s instructions with respect to disposition
of the Data. PCC shall make such communication and provide instructions to Researcher(s) and Data Host within
the thirty-day notice period.
(b) Either Party may decide to terminate the hosting of one or more particular Data Sub-Categories hosted
by the Data Host. The terminating Party shall provide written notification of such termination to the other Party.
Unless otherwise agreed to in writing, such termination shall be immediate and the PCC shall not process any
applications to use such Data Sub-Categories and the Data Host shall not provide any Researcher(s) access to
such Data Sub-Categories. The Data Host shall not communicate with any Researcher(s) impacted by such
termination. The Data Host shall follow PCC’s instructions with respect to disposition of the Data. The Parties
shall enter into an amendment to this Agreement to effect such termination.
4.
(a) To the extent permitted by law, Data Host shall indemnify, defend, and hold harmless the PCC, and its
employees, officers, directors, and agents (“PCC Indemnified Parties”), from any loss, damage, liability, claims,
costs, demands, suits, or judgments, including reasonable attorney’s fees and the assumption of the defense and its
costs, as a result of any damage or injury to PCC Indemnified Parties, including death or injury to property or to
third parties, which is directly or indirectly caused by Data Host or the employees, officers, directors, or agents of
Data Host through negligence or willful misconduct or violation of other statutory or regulatory duties by Data
Host or of the obligations in paragraph 4 above under Data Host Obligations. PCC Indemnified Parties shall
promptly notify Data Host of any claim against it or a third party of which they become aware and that is covered
by this provision and Data Host shall, to the extent permitted by law, authorize representatives to settle or defend
any such claim or suit and to represent PCC Indemnified Parties in such litigation. PCC Indemnified Parties, in
their sole discretion and at its expense, may provide counsel to assist counsel for Data Host, or represent said PCC
5
Last Updated: 9-8-11
�Indemnified Parties. No settlement shall be made on behalf of a PCC Indemnified Party, which admits the fault
of the PCC Indemnified Party, without that Party’s written consent, which shall not be unreasonably withheld.
(b) To the extent permitted by law, PCC shall indemnify, defend, and hold harmless the Data Host, and its
employees, officers, directors, and agents (“DH Indemnified Parties”), from any loss, damage, liability, claims,
costs, demands, suits, or judgments, including reasonable attorney’s fees and the assumption of the defense and its
costs, as a result of any damage or injury to DH Indemnified Parties, including death or injury to property or to
third parties, which is directly or indirectly caused by PCC or the employees, officers, directors, or agents of PCC
through negligence or willful misconduct or violation of other statutory or regulatory duties by PCC or of the
PCC Obligations set forth in paragraph 2 above under PCC Obligations. DH Indemnified Parties shall promptly
notify PCC of any claim against it or a third party of which they become aware and that is covered by this
provision and PCC shall, to the extent permitted by law, authorize representatives to settle or defend any such
claim or suit and to represent DH Indemnified Parties in such litigation. DH Indemnified Parties, in their sole
discretion and at its expense, may provide counsel to assist counsel for PCC, or represent said DH Indemnified
Parties. No settlement shall be made on behalf of a DH Indemnified Party, which admits the fault of the DH
Indemnified Party, without that Party’s written consent, which shall not be unreasonably withheld.
5.
In the event of action or inaction by one Party constituting a failure to comply (default) with the
provisions of this Agreement, the non-defaulting Party may, by written notice to the defaulting Party, demand that
the defaulting Party cure such default within ten (10) business days thereof. Should the defaulting Party fail to
cure the default, the non-defaulting Party may terminate this Agreement and the Data held by the Data Host shall
no longer be made available to Researchers through the Data Host. Termination under this provision shall be
handled pursuant to paragraph 3(b) above.
6. Failure of either Party to enforce any of its rights hereunder shall not constitute a waiver of such rights. If any
provision herein is, becomes, or is held invalid, illegal, or unenforceable, such provision shall be deemed
modified only to the extent necessary to conform to applicable laws so as to be valid and enforceable. If it cannot
be so amended without materially altering the intent of the Parties as indicated herein, it shall be stricken and the
remainder of this Agreement shall remain in full force and effect and be enforced and construed as if such
provision had not been included.
7. Neither this Agreement nor any interest herein may be assigned, in whole or in part, by either Party without
the prior written consent of the other Party; provided, however, that without securing such prior consent, either
Party shall have the right to assign this Agreement to any successor of such Party by way of merger or
consolidation or the acquisition of substantially all of the assets of such Party relating to the subject matter of this
Agreement; provided further, that such successor shall expressly assume all of the obligations of such Party under
this Agreement.
8. This Agreement shall remain in force from its effective date until _____________. Any Amendments to this
Agreement, to be effective, shall be in writing and signed by an authorized Representative of each Party.
9. Each Party represents that the person signing this Agreement has full authority to bind his/her organization.
6
Last Updated: 9-8-11
�ACCEPTED AND AGREED TO:
RESEARCH TRIANGLE INSTITUTE
PREDICT Coordinating Center
DATA HOST
__________________Name_______________
Signature
Signature
Name
Name
Title
Title
Date
Date
7
Last Updated: 9-8-11
�Attachment A: Data Provider _________________
Data Provider Description of Data Sub-Category
Data
Category
Data Sub-Category
Description of Data Sub-Category
Data Provider Terms and Conditions for Access to and Use of Data
Within Each Data Sub-Category
Data
Category
Data Sub-Category
Data Provider Terms & Conditions for
Access to & Use of Data
Data Host Terms and Conditions for Access to and Use of Data
Within Each Data Sub-Category
Data
Category
Data Sub-Category
Data Host Terms & Conditions for
Access to & Use of Data
8
Last Updated: 9-8-11
�
| File Type | application/pdf |
| File Title | Microsoft Word - PREDICT_MOA_PCC-Data-Host_Final_9-8-11.doc |
| Author | scantor |
| File Modified | 2011-09-14 |
| File Created | 2011-09-14 |