Cyber Connective Platform

PROOF OF VALUE TERMS AND CONDITIONS

     

    PROOF OF VALUE TERMS AND CONDITIONS 

    1. LICENSE: Subject to the terms of this Agreement, C3 grants to Customer a nonexclusive, non transferable license to use and access the software specified on Exhibit A (the “Cloud Based Product” or “the Software”) during the term of this Agreement, solely for the purpose of testing and evaluation, and not for general production use. C3 may make available to Customer for trial or evaluation use, the Software, including services, software, or features that may not yet be generally available, including pre-release or beta versions of the foregoing which may not operate correctly (collectively, “Trials”) and which may not be fully configured or may represent only a subset of the capabilities of the Software. Trials may include partial features or functionality of the Software.  Customer may access and use Trials solely for the purpose of evaluating and testing the Software and identified features.  Customer will not modify, reverse engineer, disassemble, transfer, sublicense or distribute the Software.  Customer will not copy the Software except as necessary to use the Software in accordance with the terms of this Agreement.
    2. EVALUATION: Customer will test and evaluate the Software and provide C3 with reports of any errors or defects and suggestions for improvements to the Software. Customer will assess the Software’s alignment with and ability to support its needs. 
    3. DEMONSTRATION LICENSES: At its discretion and from time to time, C3 may offer Customer a limited number of licenses to the Software for demonstration or promotional purposes to prospective Customers (“Demo Licenses”).  C3 reserves the right to terminate any such Demo Licenses at its discretion and without notice.  
    4. OWNERSHIP: C3 owns all right, title, and interest in and to the Software, including all copyrights, patents, trade secrets, and other intellectual property rights therein (collectively, “Intellectual Property Rights“).  Customer will not earn or acquire any rights or licenses in the Software or in any Intellectual Property Rights on account of this Agreement or Customer’s performance hereunder.  Customer hereby assigns to C3 all of Customer’s right, title, and interest in and to any suggestions for improvements to the Software provided by Customer to C3, including all Intellectual Property Rights therein.  At C3’s request, Customer will assist C3 in obtaining Intellectual Property Rights protection for such improvements, as C3 may reasonably direct. Customer acknowledges that no rights are hereby granted or intended to be granted in the future by C3 under any patents, trademarks, or copyrights of C3 through either the execution or implementation of this Agreement or performance by the parties hereunder.
    5. CONFIDENTIAL INFORMATION: Customer will hold the Software, any features, results or output produced by the Software, and the terms of this Agreement (collectively, “Confidential Information“) in strict confidence and not use or disclose any Confidential Information except as expressly permitted in this Agreement.  Customer will employ all reasonable steps to protect such Confidential Information from unauthorized disclosure or use, including but not limited to all steps that it takes to protect its own information of like importance.  Customer may disclose Confidential Information only to its employees with a need to know to test and evaluate the Software.  Customer will  instruct all such employees in advance that they must comply with the restrictions set forth herein.  Customer shall have no obligation to maintain the confidentiality of any information which (a) is or becomes publicly available without breach of this Agreement; (b) is rightfully received by Customer from a third party without an obligation of confidentiality and without breach of this Agreement; (c) is developed independently by Customer without access to or use of the Confidential Information; or (d) has been approved for release by written authorization of C3.
    6. DATA PROTECTION: Customer will use commercially reasonable technical and organizational measures designed to prevent unauthorized access, use, or disclosure of C3’s Cloud- Based Product in accordance with its Security and Privacy Standards.
    7. DISCLAIMER OF WARRANTIES: THE SOFTWARE IS SUPPLIED ON AN “AS IS” BASIS WITHOUT WARRANTY OF ANY KIND.  C3 DISCLAIMS ALL WARRANTIES, BOTH EXPRESS AND IMPLIED, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTIES OF NONINFRINGEMENT.  Customer acknowledges that:  (a) the Software is not an official product and has not been commercially released by C3; (b) the Software may not be in final form or fully functional/ fully configured and may contain errors, design flaws or other problems.  
    8. LIMITATIONS OF LIABILITY: IN NO EVENT SHALL C3 BE LIABLE TO CUSTOMER FOR DAMAGES OF ANY KIND ARISING FROM USE OF THE SOFTWARE, WHETHER RESULTING FROM TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT OR OTHERWISE, INCLUDING BUT NOT LIMITED TO DIRECT, INDIRECT, SPECIAL, INCIDENTAL AND CONSEQUENTIAL DAMAGES OF ANY KIND, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    9. TERM AND TERMINATION: This Agreement will begin on the Effective Date and remain in effect thereafter unless terminated in accordance with the terms of this Agreement.  Either party may terminate this Agreement, at any time, for any reason or for no reason, by providing the other party five (5) business days prior written notice.  C3 may terminate this Agreement immediately if Customer breaches any provision of this Agreement regarding C3’s Intellectual Property Rights or Confidential Information.  Upon any termination of this Agreement: (a) the license rights granted to Customer under this Agreement will automatically terminate. The rights and obligations of the parties under Sections  4, 5, 6, 7, 8, 9 and 10 will survive the termination of this Agreement.
    10. GENERAL: Customer may not assign this Agreement without C3’s prior written consent, and any attempted assignment without such consent will be void.  Customer acknowledges that any breach of its obligations under this Agreement with respect to C3’s Intellectual Property Rights or Confidential Information will cause C3 irreparable injury for which there are inadequate remedies at law, and, therefore, C3 will be entitled to equitable relief in addition to all other remedies provided by this Agreement or available at law or equity.  This Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Virginia, without regard to or application of conflict of law rules or principles.  The waiver of any breach or default will not constitute a waiver of any other right hereunder or any subsequent breach or default.  This Agreement (including its exhibit) constitutes the entire agreement between the parties regarding the subject matter hereof, and supersedes any and all prior agreements and understandings (both written and oral) regarding such subject matter.  This Agreement may only be modified, or any rights under it waived, by a written document executed by both parties.

     

    EXHIBIT A 

    SOFTWARE/ CLOUD – BASED PRODUCT 

     

    The Connective Platform ™ (“TCP”) 1 is a cloud-based product and a web-enabled tool or an apparatus which comprises: 

     

    • at least one processor;
    • a non-transitory processor readable medium storing machine-readable instructions that causes  at least one processor to:
      process disparate types of values in data collected from multiple data sources to enable the values to be interoperable with each other;
       apply predetermined weighting factors to the values to generate weighted values;
      calculate, from the weighted values, scores for a plurality of cyber-risk domains related to cybersecurity of an organization;
      identify a first set of the plurality of cyber-risk domains that are assigned to a first level in the organization;
      identify a second set of the plurality of cyber-risk domains that are assigned to a second level in the organization, wherein the second set of the plurality of cyber-risk domains differs from the first set of the plurality of cyber-risk domains;
      generate a first dashboard to include the first set of the plurality of cyber-risk domains and the calculated scores or indicators for the first set of the plurality of cyber-risk domains;
      generate a second dashboard to include the second set of the plurality of cyber-risk domains and the calculated scores or indicators for the second set of the plurality of cyber-risk domains; 
      output the first dashboard and the second dashboard to enable monitoring and remediation of cybersecurity issues in the organization; and
      generate the first dashboard and the second dashboard to include the identified cyber-risk domains and scores or indicators corresponding to the plurality of divisions to provide comprehensive and simultaneous monitoring of cybersecurity issues associated with the plurality of divisions of the organization. 

     

    Sample feature set of TCP Executive Dashboard includes: 

     

    • Ability to align executive reporting to industry standards such as NIST
    • Identification of risk and trends based on executive interests
    • Reporting of risks from CEO, CIO and CISO level
    • Providing trend, highlighting those in alignment with internal policies vs those that are not
    • Report on individual connected systems  

     

    Sample feature set of TCP Shield includes: 

     

    • TCP Shield interfaces with any, and all existing or future telemetry investments of the organization.
    • Data from all telemetries are correlated and de-duplicated related to all IT assets. A clear and comprehensive inventory of all systems and applications is created by linking that data, including identification of assets previously not identified and those that are missing.
    • Using a rules-based connectivity engine that incorporates accepted industry policies, audit requirement policies, and internal corporate policies, each vulnerability is assessed and assigned an accurate priority, along with a recommended remediation approach and timeline.
    • Vulnerabilities are grouped and assigned for remediation based on corporate demarcations relative to geography, organization, business unit, or function.
    • Vulnerability reports are generated at the most detailed level and at summary levels, including  priority and remediation reports, daily, weekly, and monthly summaries of actions taken and results achieved, and summary level dashboards for senior level management and business unit leadership. Driven by a graphical user interface managed by the enterprise security organization, reporting is thus provided for all levels of management and all individuals based on the information they each need.  

     

     TCP Shield Vulnerability Tracking  includes: 

    • Tracking and reporting on trends such as remediation progress, and new or closed vulnerabilities
    • State of vulnerability changes for each of the severities with ability to organize based on client’s grouping
    • Relative threshold and color gradients based on % increase/decrease- eg: any decrease = green, increase by 10% = yellow, increase by more 10+% = red, etc
    • Grouping and sub-grouping (example region, country, etc) host count changes and trending line chart showing host count
    • Available workflow integration with fine grain approval process/tracking including email notification
    • Integration with connected systems (such as ticketing, asset management systems, etc)
    • Identification of distinct policies in use in the corporation and pointing out those that are in violation of those policies
    • Status of connected systems.