The URL can be used to link to this page

Home My WebLink AboutMulti-State Information Sharing and Analysis Center of the United States/Info Systems/Member AgreementCENTER FOR INTERNET SECURITY MULTI -STATE ISAC Member Agreement This Agreement ("Agreement") is made between the City of Carmel, IN and the Multi -State Information Sharing and Analysis Center of the United States (MS- ISAC), a division of the Center for Internet Security. The MS-ISAC will enable information sharing, analysis, gathering and distribution in a secure manner using facilities and methods designed to permit individual Members to submit information about security threats, vulnerabilities, incidents, and solutions securely. Only MS-ISAC members have access to review and retrieve this information. When submitting information to the MS-ISAC, Primary Custodians will identify information to the MS-ISAC in the following categories: Category A: information that is provided only to the MS-ISAC and will not be shared with the MS-ISAC members or others except as authorized by the Primary Custodian. Category A information also consists of any non -categorized information provided to the MS- ISAC and/or pre -cleansed category B information. Category B: information which is shared with the MS- ISAC and in consultation with the Primary Custodian is cleansed by the MS-ISAC of all identifying information and then, consistent with applicable laws, will be shared only with MS-ISAC members, or the Department of Homeland Security consistent with paragraph six (6). Category C: information which is shared with the MS- ISAC and does not need to be cleansed and may be shared within the MS-ISAC and outside the MS-ISAC as appropriate. MS-ISAC members acknowledge that Primary Custodian has certain cyber and/or critical infrastructure information and material that is exempt from disclosure to the public or other unauthorized persons under federal or state laws including the Homeland Security Act of 2002 (6 U.S.C. § 133). MS- ISAC members may provide access to this information and material in order to facilitate interstate communication regarding cyber and/or critical infrastructure readiness and response efforts. These efforts include, but are not limited to, disseminating early warnings of physical and cyber system threats, sharing security incident information between U.S. states, territories, the District of Columbia, tribal nations and local governments, providing trends and other analysis for security planning, and distributing current proven security practices and suggestions. As a participating member of the MS-ISAC, Primary Custodian agrees that when sharing this information with MS-ISAC members it will do so through the MS- ISAC in accordance with the categories established in this document. MS-ISAC members agree to the terms and conditions contained in this Agreement. NOW THEREFORE, in consideration of the above promises recited herein, the parties agree to the following: Definitions: 1. Primary Custodian — the entity that developed or owns the Data. Each collection of Data (database, file, etc.) shall have a single Primary Custodian. 2. MS-ISAC members — the members (U.S. states, territories, the District of Columbia, tribal nations and local governments) who may be in possession or use of Data acquired from the Primary Custodian or from the MS-ISAC. Purpose: MS-ISAC members acknowledge that the protection of Category A information is essential to the security of Primary Custodian and the mission of the MS-ISAC. The purpose of this Agreement is to enable Primary Custodian to make disclosures of Category A information to MS-ISAC while still maintaining rights in, and control over, Category A information. The purpose is also to preserve confidentiality of the Category A information and to prevent its unauthorized disclosure. It is understood that this Agreement does not grant MS- ISAC or members an express or implied license or an option on a license, or any other rights to or interests in the Category A information, or otherwise. If Primary Custodian retracts any information it sent to the MS-ISAC, then, upon notification by the Primary Custodian, the MS- ISAC will destroy such information and all copies thereof, and notify MS-ISAC members to destroy the information. If an MS-ISAC member is unable to destroy the information based on applicable law, then the member will continue to maintain the confidentiality of the information consistent with this agreement. Upon receiving such notification, Multi -State [SAC I of 3 Member Agreement 1/1/2012 MS ISAC members will destroy such information immediately forward such request to the Primary and all copies thereof. Custodian and consult and cooperate with the MS-ISAC and Member Duties: Primary Custodian and will make reasonable efforts, consistent with applicable law to protect the 4. MS-ISAC and members who are authorized by the confidentiality of the information. Primary Primary Custodian to receive Category A Custodian will, as needed, have the opportunity to information shall, and shall cause their contractors, seek judicial or other appropriate avenues of subcontractors, agents or any other entities acting redress to prevent any release. on their behalf (hereinafter referred to as the "Affiliates") to: 8. In non -emergency situations, as part of its multi - (a) copy, reproduce or use Category A information state communication sharing efforts, the MS-ISAC for the purposes of the MS-ISAC mission may Y Prepare written reports. For such reports, the and not for any other purpose unless Primary Custodian shall be provided a period of specifically authorized to do so in writing by time to review such reports, papers, or other Primary Custodian; and writings and has the right to edit out its Category A (b) not permit any person to use or disclose the information, correct factual inaccuracies, make Category A information for any propose other recommendations and comments to the content of than those expressly authorized by this the report, and append comments to the final Agreement; and version of the report. The MS-ISAC members and (c) implement physical, electronic and Primary Custodian agree to work together in good managerial safeguards to prevent faith to reach mutually agreed upon language for unauthorized access to or use of Category A the report. If the parties are unable to reach information. agreement on an issue, Primary Custodian has the Such restrictions will be at least as stringent as right to edit out its Category A information. those applied by the MS-ISAC and/or members to General Terms: their own most valuable and confidential information. 9. Should any court of competent jurisdiction consider any provision of this Agreement to be MS-ISAC agrees to promptly notify Primary invalid, illegal, or unenforceable, such provisions Custodian of any unauthorized release of Category shall be considered severed from this Agreement. A information. All other provisions, rights, and obligations shall 5. MS-ISAC and members will not remove, obscure continue without regard to the severed provision(s). or alter any notice of patent, copyright, trade secret 10. The term of the Agreement shall continue so long or other proprietary right from any Category A as Primary Custodian remains a member of the information without the prior written authorization MS-ISAC, and paragraph 3 the obligations of of Primary Custodian. confidentiality as provided herein shall survive the Multi -State ISAC Duties: expiration of this Agreement. 6. The MS-ISAC and members may share with the 11. This Agreement will be construed and enforced in Department of Homeland Security (DHS) pursuant all respects in accordance with United States (U.S.) to 6 U.S.C. § 133, Category A, B, and C federal law or other applicable laws as addressed information, unless the Primary Custodian has herein. designated in writing that the information in 12. This Agreement contains the entire understanding question cannot be shared with our federal partners. between the parties with respect to the proprietary All other information is voluntarily submitted and information described herein and supersedes all may be shared with the Federal Government with prior understandings whether written or oral. Any expectation of protection from disclosure as modification, amendment, assignment or waiver of provided by the provisions of the Critical the terms of this Agreement shall require the Infrastructure Information Act of 2002. written approval of the authorized representative of each party. 7. If any third party makes a demand for any Category A or B information, the MS-ISAC or member shall Multi -State ISAC 2 of 3 Member Agreement 1/1/2012 The foregoing has been agreed to and accepted by the authorized representatives of each party whose signatures appear below: AGREED BY: Primary Custodian: Center for Internet Security Multi -State ISAC Division -2110 Signature Date MS-ISAC Chair Print or Type Name/Title Multi -State ISAC 3 of 3 Member Agreement 1/1/2012 Approved and Adopted this W day of`� �1; ! L6 1 , 20�. CITY OF CARMEL, INDIANA By and through its Board of Public Works and Safety BY: — h V+ James Brainard, Presiding Officer Date: F.1 Christine Pauley, VleP / ser Date:iL