OMB # 1640-0012 / Expires mm/dd/yyyy
Cover
Letter – MOA Research
Organization
Thank you for your interest in using PREDICT Data as a Research Organization. In order for your application for PREDICT Data to be considered, you must complete and sign the attached Memorandum of Agreement (MOA) and submit it to the PREDICT Coordinating Center (PCC).
Instructions:
Print the MOA.
Fill in requested information and complete Attachment A, as noted.
Complete the Contact Information form below
Sign
the MOA and email it to [email protected]
or fax it to the PCC, Attn: Project Manager, at +1 866 835 0255. An
executed copy will be returned to you for your files.
Questions regarding this MOA or your request for PREDICT Data may be directed to the PCC at +1 800 957-6422 (US) or via email: [email protected].
Contact Information for Person Signing Document
Name |
|
||||
Title |
|
||||
Organization |
|
||||
Address |
|
||||
Address 2 |
|
||||
City |
|
State/Province |
|
Postal Code |
|
Country |
|
|
|||
Phone |
|
Alt Phone |
|
Fax |
|
Memorandum
of Agreement Research
Organization
This Memorandum of Agreement (“MOA” or “Agreement”) is between the Research Triangle Institute (“RTI”), a North Carolina corporation having offices at 3040 Cornwallis Road, Research Triangle Park, NC 27709, which serves as the PREDICT Coordinating Center (“PCC”) and _______________________________, a (type of entity)_________________________, having offices at ________________________________________, and functioning as a Research Organization (“Researcher”), (collectively referred to as “the Parties” or individually as “Party”). This Agreement is effective on the last date of execution, which is ________________. References throughout this document to “PCC” shall be deemed to refer to RTI. References to the MOA Identification number (“MOA ID”) assigned at the top left of each page of this document shall refer to this Agreement
The PCC supports the Protected Repository for the Defense of Infrastructure against Cyber Threats (“PREDICT”) project sponsored by the United States Department of Homeland Security (“DHS”). The PCC facilitates interaction between PREDICT participants, processes applications from Researchers for access to Data, maintains a metadata catalog, and develops policies and procedures for PREDICT operations and the use of PREDICT data.
In addition to DHS, the following eight types of organizations/individuals participate in PREDICT:
Data Provider |
Data Host |
Researcher |
Application Review Board |
PCC |
Referring Organization |
External Relations Council |
Contractors and Third Parties |
WHEREAS Researcher desires to use Data provided by Data Provider(s) for cyber security research and development (“R&D”) that was selected from a metadata catalog managed by the PCC. The Data will be made available to the Researcher through a Data Host.
This Agreement consists of: the General Terms and Conditions, Attachments A and B, and any subsequent Amendment(s) to Researcher Agreement, if executed. The provisions of Attachment A and B shall be incorporated herein and shall be construed so as to be fully consistent with all of the provisions of the General Terms and Conditions of this Agreement and, in the case of any conflict, the General Terms and Conditions shall prevail unless an Amendment to this Agreement is separately executed by both Parties and expressly amends particular provisions of the General Terms and Conditions, in which case such Amendment shall prevail over such particular provisions of the General Terms and Conditions.
General Terms and Conditions
Researcher and the PCC agree to the following:
Data Category is the designation given to a grouping of all Data Sub-Categories of a certain type.
Data Sub-Category is the name given to distinguish a particular grouping of datasets within a Data Category that have the same terms of use.
Data shall mean all datasets within a Data Category and Data Sub-Category.
Metadata is descriptive information about the Data (but not the Data itself) that is inserted in the PREDICT data catalog.
DHS shall mean the U.S. Department of Homeland Security.
PCC shall mean the Predict Coordinating Center that manages the PREDICT data catalog and operations, processes applications for PREDICT data, and handles administrative matters. The PCC does not store, maintain, or have access to any of the Data.
Data Provider shall mean an entity that provides Data that it owns or has a right to control and disclose to researchers, subject to the terms and conditions in an MOA between it and the PCC.
Data Host shall mean an entity that maintains computing infrastructure to store Data received from one or more Data Providers and provides approved Researchers access to such Data.
Referring Organization shall mean the Research Organization that identifies a Data Custodian as someone who is affiliated or aligned with the Research Organization and who will be responsible for the Data.
Research Organization shall mean an organization that desires to have research conducted on its behalf and designates individuals as Data Custodians to request and be responsible for PREDICT data.
Data Custodian shall mean the person designated by a Research Organization as responsible for requesting PREDICT Data for a research effort and ensuring that the organization’s responsibilities for the receipt, security, oversight, and handling of the Data are met.
Researcher shall mean a Research Organization.
Application Review Board (“ARB”) shall mean an entity that reviews and approves or rejects applications for Data from Researchers.
External Relations Council shall mean designated persons who advise and make recommendations to the PCC on policy and issues relating to privacy and the general direction of the PREDICT project.
PREDICT Team shall consist of:
PREDICT Coordinating Center (PCC) personnel
Data Providers
Data Hosts
Referring Organizations
Application Review Board
External Relations Council
Contractors and third parties supporting or interacting with DHS PREDICT and/or other Cyber Division programs
Department of Homeland Security.
Researcher Agreements, Rights, and Obligations
In consideration of the release to Researcher of the Data described in Attachment A, the Researcher agrees to the following terms and conditions:
Researcher certifies that all information provided by Researcher in this Agreement and Attachment A is accurate and complete.
Researcher agrees that all information contained in this Agreement may be shared as necessary to facilitate PCC operations and comply with PCC operational policies and procedures, including the sharing of information in this Agreement with the PREDICT Team as necessary. Researcher further agrees and consents that the names, organizations, and contact information of Researcher, Data Custodian, and research team members may be disclosed and publicly posted, including the general purpose for which the Data was used. Researcher attests that he/she has obtained the agreement and consent for such disclosure and public posting from Data Custodian and all research team members listed on Attachment A of the MOA.
Upon receipt of the Data, Data Provider hereby grants to Researcher, a limited, non-exclusive, revocable, non-transferable license to Researcher to use the Data, and Researcher agrees to use the Data solely for the research purpose described in Attachment A and in all respects in accordance with this Agreement, including the terms and conditions specified in any Data Use Terms or Data Use Agreements referenced in Attachment B.
Researcher agrees that Data shall not be transmitted, sent, exported, or used outside of the United States, Japan, Australia, or the United Kingdom provided that Data Custodian and all research team members are located in one of these countries (as specified in Attachment A), or if Data Custodian or any member of the research team is not located in the United States, Japan, Australia, or the United Kingdom, Researcher agrees that Data shall not be transmitted, sent, exported, or used outside of the international location (university or organization address) specified in Attachment A. For purposes of clarity, the preceding clause means that if a Data Custodian and all research team members are not located in the United States, Japan, Australia, or the United Kingdom, the research must be conducted at the actual location where the Data Custodian is located, such as a university or corporate operational site, as specified on Attachment A. Researcher shall take steps to ensure that all persons named on Researcher’s application are aware of and comply with this restriction.
The Researcher shall not allow access to or use of Data by any persons other than the Data Custodian and those research team members identified in Attachment A of this Agreement. Researcher shall initiate an Amendment to this Agreement if individuals other than those identified in Attachment A are to be added as research team members and given access to the Data or if research team members cease to be on the research team. Unless otherwise agreed to, an Amendment shall be initiated not less than seven (7) days prior to such change, and the Amendment must be executed by the Researcher and the PCC before any new individuals are allowed access to any Data.
Researcher shall establish and maintain the appropriate administrative, technical, and physical safeguards to protect the confidentiality of the Data and to prevent unauthorized use or access to the Data, as may be specified in Attachment B, including any required Data Use Agreements. At a minimum, Researcher shall take reasonable care to protect the Data against inadvertent disclosure or unauthorized use, but such care shall not be less than Researcher would use to protect his/her own confidential or proprietary information.
If Data Custodian (i) moves to a different organization after access to the Data is granted or is no longer affiliated with or aligned with the Research Organization, (ii) for any other reason is no longer the individual responsible for the research associated with the Data or (iii) dies, the Research Organization shall propose a substitute Data Custodian to the PCC within ten (10) business days of such event and submit a Referring Letter for such person or notify the PCC that it desires to terminate the MOA, in which case all access to Data shall cease immediately and the Research Organization shall follow the PCC’s instructions regarding disposition of the Data. If a new Data Custodian is proposed, the PCC shall issue an amendment to this MOA and seek approval or denial of the proposed Data Custodian as soon as possible, but in no event shall such approval or denial take longer than seven (7) days. During the period of review, no individuals other than those previously approved shall have access to the Data, provided an acting Data Custodian has been designated and informed of the duties required (approval of an acting Data Custodian is not required). If a Data Custodian is not proposed within the required timeframe, this MOA shall be deemed to be terminated and all access to Data shall cease immediately and the Research Organization shall follow the PCC’s instructions regarding disposition of the Data.
No findings, analysis, or information derived from the Data may be released if such findings contain any combination of data elements that might allow for identification or the deduction of a person’s or institution’s identity, unless such identification is both (a) explicitly permitted under the terms governing handling and release of Data incorporated herein and (b) not in violation of applicable U.S. or state law.
Researcher shall submit to the PCC citations and links for any and all public releases, publications, or any other type of disclosure (“Writings”) that pertain to research conducted using the Data and hereby authorizes the PCC and/or Data Providers to publicly post such citations or information. If the writings would reveal confidential or proprietary data (and cannot be redacted) or any U.S. Government sensitive or classified information, such citations and links shall not be required.
Researcher shall identify the PREDICT program and Data Provider as the source of Data in all Writings and DHS as the sponsor of PREDICT.
Researcher shall report immediately to the PCC any access, use, or disclosure of the Data other than as permitted by this Agreement. Researcher shall take all reasonable steps to mitigate the effects of such improper access, use, or disclosure, including cooperating with all reasonable requests of the PCC, and documenting all such actions taken.
Unless re-identification of Data is required and was disclosed by Researcher in Attachment A regarding Proposed Use of Data, Researcher shall not attempt to or actually unlock, override, reverse engineer, or otherwise take any steps to defeat any anonymization or obfuscation methods or tools that have been applied to any Data by the Data Provider, or otherwise to violate any of the terms of use associated with the Data, including those in any Data Use Agreements specified in Attachment B.
Notwithstanding paragraph 1 under “Joint Rights and Obligations – Researcher and PCC, and Other Provisions,” Researcher agrees that in the event the PCC determines, or has a reasonable belief, that Researcher has violated any terms of this Agreement, including those within any Data Use Agreement(s) specified in Attachment B, the PCC may terminate this Agreement effective immediately. Upon such termination, Researcher shall dispose of the Data and all copies or portions thereof in its possession that it has received from Data Host or created (or had others create). Researcher shall certify that such disposition of the Data has been completed as instructed by signing and providing to the PCC a Certification of Disposal. The PCC also may seek injunctive relief against Researcher to prevent any unauthorized disclosure of Data by Researcher. Researcher understands that as a result of this determination or reasonable belief that a violation of this Agreement has occurred, the PCC may also refuse to release further Data to Researcher. In addition, the PCC may report any misuse or improper disclosure of Data to Data Provider and Data Host and to appropriate authorities as permitted or required by applicable Federal or state law.
Access to Data ends upon expiration or termination of this Agreement and Researcher shall dispose of all copies of the Data and certify such disposition by signing and providing to the PCC a Certification of Disposal.
To the extent permitted by law, Researcher shall indemnify, defend, and hold harmless the PCC and its employees, officers, directors, and agents (“Indemnified Parties”) from any loss, damage, liability, claims, costs, demands, suits, or judgments, including reasonable attorney’s fees and the assumption of the defense and its costs, as a result of any damage or injury to Indemnified Parties, including death or injury to property or to third parties, which is directly or indirectly caused by Researcher, persons involved in the research project, or the employees, officers, directors, or agents of Researcher through negligence or willful misconduct or violation of other statutory or regulatory duties by Researcher or of the obligations in paragraphs 3, 5, 7, 11, 12, and 14 above. The Indemnified Parties shall promptly notify Researcher of any claim against it or a third party of which they become aware and that is covered by this provision and Researcher shall, to the extent permitted by law, authorize representatives to settle or defend any such claim or suit and to represent Indemnified Parties in litigation. The Indemnified Parties, in its sole discretion and at its expense, may provide counsel to assist counsel for Researcher, or represent said Indemnified Parties. No settlement shall be made on behalf of an Indemnified Party, which admits the fault of the Indemnified Party, without that Party’s written consent, which shall not be unreasonably withheld.
Researcher shall provide information as requested to allow the PCC to audit or confirm Researcher’s compliance with the foregoing Obligations of this Agreement.
PREDICT Coordinating Center (PCC) Rights and Obligations
The PCC shall notify Researcher of:
Approval or denial of permission to use requested Data;
Freedom of Information Act (“FOIA”) or other legal requests for access to data regarding this Agreement;
Data disposition requirements upon expiration or termination of this Agreement.
2. The PCC shall coordinate communications between the Data Host and Researcher.
3. The PCC has the right to immediately terminate this Agreement upon determination that information provided in this Agreement was false, inaccurate, incomplete, or otherwise designed to conceal material information and to require disposal of all Data that was provided to Researcher. In addition, the PCC has the right to terminate Researcher’s access to and/or use of the Data, or a particular Data Provider’s Data, when it deems such action is in the best interests of the PREDICT project. The PCC shall refrain from such action except in circumstances that threaten the integrity, reputation, or operations of the Researcher, the PCC, the Data Provider, the PREDICT project, or DHS. In such event, the PCC shall provide Researcher written notification of such termination and, when possible, shall provide such notification to Researcher ten (10) days prior to termination. The PCC reserves the right, however, to immediately terminate access to or use of such Data when it deems necessary. The PCC shall initiate an amendment to this Agreement to effect such termination and Researcher shall cooperate with the PCC regarding termination of access to and/or use of such Data by Researcher and research team.
4. The PCC shall process any required amendments to this Agreement.
Joint Rights and Obligations – Researcher and PCC, and Other Provisions
Either Party may terminate this Agreement by providing thirty (30) days written notice to the other Party. Upon any termination or the expiration of this Agreement, Researcher shall, upon instructions from the PCC, dispose of the Data and all copies or portions thereof in its possession that it has received from Data Host or created (or had others create). Researcher shall certify that such disposition of the Data has been completed as instructed by signing and providing to the PCC a Certification of Disposal.
This Agreement shall remain in force for a period of one year commencing from the effective date of this Agreement or as amended. Any Amendments to this Agreement, to be effective, shall be in writing and signed by an authorized Representative of each Party.
This Agreement shall be construed and interpreted in accordance with the laws of the state of North Carolina.
Other than the limited license granted to Researcher in paragraph 4 above under “Researcher Agreement, Rights, and Obligations,” nothing contained herein shall be construed as conferring by implication, estoppel or otherwise any license or right in favor of any Party or any third party in any patents or other intellectual property rights of any other Party.
Absent agreement otherwise, neither Party shall in any manner reference or cause to be referenced the trade names, trademarks, service marks or any other indicia of origin owned by the other Party, nor indicate that its operations are in any way sponsored, approved or endorsed by the other Party.
Neither this Agreement nor the receipt of Data by Researcher shall constitute or imply any promise or intention by Researcher to evaluate, process or make use of the Data either now or in the future.
NO PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR INCIDENTAL, INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES OF ANY KIND (INCLUDING LOST REVENUES OR PROFITS, OR LOSS OF BUSINESS) IN ANY WAY RELATED TO THIS AGREEMENT, REGARDLESS OF WHETHER IT WAS ADVISED, HAD OTHER REASON TO KNOW, OR IN FACT KNEW OF THE POSSIBILITY THEREOF.
Any legal action arising in connection with this Agreement must begin within two (2) years after the cause of action arises.
Neither this Agreement nor any interest herein may be assigned, in whole or in part, by either Party without the prior written consent of the other Party; provided, however, that without securing such prior consent, a Research Organization or the PCC shall have the right to assign this Agreement to any successor of such Party by way of merger or consolidation or the acquisition of substantially all of the assets of such Party relating to the subject matter of this Agreement; provided further, that such successor shall expressly assume all of the obligations of such Party under this Agreement.
The Parties may execute two copies of this Agreement, each of which shall constitute an original copy of this Agreement. A scanned, imaged, facsimile or photocopy of this Agreement or amendment to this Agreement as executed by the Parties shall be deemed to be an original executed copy for all purposes.
This Agreement shall not be considered accepted or effective until signed below by representatives of the PCC and Researcher Organization who are authorized to legally bind their respective organization.
AGREED TO AND ACCEPTED BY:
RESEARCH TRIANGLE INSTITUTE PREDICT Coordinating Center |
|
PRINCIPAL RESEARCHER |
|
|
|
Signature |
|
Signature |
|
|
|
Name |
|
Name |
|
|
|
Title |
|
Title |
|
|
|
Organization |
|
Organization |
|
|
|
Date |
|
Date |
Attachment A
Name of Data Custodian:
Name |
|
||||
Title |
|
||||
Organization |
|
||||
Address |
|
||||
Address 2 |
|
||||
City |
|
State/Province |
|
Postal Code |
|
Country |
|
|
|||
Phone |
|
Alt Phone |
|
Fax |
|
All Other Persons Who Will Have Access to Data (Add lines as necessary:)
Name |
Organization |
Address |
Country |
Telephone |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Title of Research Project: |
|
Proposed Use of Data (provide a mini- abstract of research project and proposed use of Data, project goals, and objectives): |
|
|
Location(s) of Research: (state all locations where research will be conducted)
Organization |
Address |
Country |
|
|
|
|
|
|
|
|
|
Data Requested:
[One row must be completed for each Data Sub-Category being requested]
Data Provider |
Data Category |
Data Sub-Category |
|
|
|
|
|
|
|
|
|
|
|
|
Attachment B: Data Use Terms
The Data are Subject to the Following Additional Terms and Conditions for Access to and Use of Data as set by the Data Provider and/or Data Host
Data Provider |
Data Category |
Data Sub-Category |
Terms & Conditions for Access/Use |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Privacy Act Notice: DHS Authority to Collect This Information: The Homeland Security Act of 2002 [Public Law 107-296, §302(4)]. Principal Purpose: DHS collects name, organization and title (if any), email address, home and/or work address, and telephone numbers for the purpose of contacting individuals regarding the PREDICT project and/or their involvement with PREDICT. Routine Uses and Sharing: Some of your information will be disclosed to PREDICT team members, such as data hosts, data providers, PREDICT contractors, the PREDICT Coordination Center, the advisory board, and review board members to help us deliver requested PREDICT services and operate the PREDICT web site and deliver the services you have requested. Unless you consent otherwise, this information will not be used for any purpose other than those stated above. However, DHS may release this information of an individual on a case-by-case basis as described in the DHS/ALL-002 System of Records Notice (SORN), which can be found at: www.dhs.gov/privacy. Disclosure: Furnishing this information is entirely voluntary; however, failure to furnish at least the minimum information required to register (to include full name, email address,) will prevent you from obtaining authorization to access system.
PRA Burden Statement: An agency may not conduct or sponsor an information collection and a person is not required to respond to this information collection unless it displays a current valid OMB control number and an expiration date. The control number for this collection is 1640-0012 and this form will expire on mm/dd/yyyy. The estimated average time to complete this form is 60 minutes per respondent. If you have any comments regarding the burden estimate you can write to Department of Homeland Security, Science and Technology Directorate, Washington, DC 20528
DHS
Form 10075 (11/11)
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Dave Obringer |
File Modified | 0000-00-00 |
File Created | 2021-01-31 |