General Service Responsibilities

Transcription

1 Page 1 f 1 Service Descriptin: Cisc Security Optimizatin Service This dcument describes Cisc Security Optimizatin Service. Related Dcuments: This dcument shuld be read in cnjunctin with the fllwing dcuments als psted at (1) Glssary f Terms; (2) List f Services Nt Cvered; and (3) Severity and Escalatin Guidelines. All capitalized terms in this descriptin have the meaning ascribed t them in the Glssary f Terms. Direct Sale frm Cisc. If yu have purchased these Services directly frm Cisc, this dcument is incrprated int yur Master Services Agreement (MSA) with Cisc. In the event f a cnflict between this Service Descriptin and yur MSA, this Service Descriptin shall gvern. Sale via Cisc-Authrized Reseller. If yu have purchased these Services thrugh a Cisc-Authrized Reseller, this dcument is fr descriptin purpses nly; is nt a cntract between yu and Cisc. The cntract, if any, gverning the prvisin f this Service will be the ne between yu and yur Cisc Authrized Reseller. Yur Cisc Authrized Reseller shuld prvide this dcument t yu, r yu can btain a cpy f this and ther Cisc service descriptins at Service Summary The Cisc Security Optimizatin Service is intended t supplement a current supprt agreement fr Cisc prducts. Cisc shall prvide the Security Optimizatin Service described belw as selected and detailed n the Purchase Order fr which Cisc has been paid the apprpriate fee. Cisc shall prvide a Qute fr Services ( Qute ), identifying the varius service elemnts with the crespnding SKUs as shwn in Appendix A, setting ut the extent f the Services and duratin that Cisc shall prvide such Services. Cisc shall receive a Purchase Order that references the Qute agreed upn between the parties and that, additinally, acknwledges and agrees t the terms cntained therein. General Service Respnsibilities Cisc and the Custmer shall have general respnsibilities fund in this sectin belw. General Service Respnsibilities f Cisc Cisc shall prvide the fllwing General Service prvisins fr any Security Optimizatin Service specified in the Qute: Under this Service, Cisc shall prvide the Security Optimizatin Service during Standard Business Hurs, unless stated therwise. Prvide a single pint f cntact ("Cisc Prject Manager") fr all issues relating t the Services. Participate in regularly scheduled meetings with the Custmer t discuss the status f the Services. Ensure Cisc emplyees (including Cisc subcntractrs) cnfrm t Custmer s reasnable wrkplace plicies, cnditins and safety regulatins that are cnsistent with Cisc s bligatins herein and that are prvided t Cisc in writing prir t cmmencement f the Services; prvided, hwever, that Cisc s persnnel r subcntractrs shall nt be required t sign individual agreements with Custmer r waive any persnal rights. Supply Cisc prject team persnnel with a displayable frm f identificatin t be wrn at all times during services activities at Custmer s facility. Cisc reserves the right t determine which f its persnnel shall be assigned t a particular prject, t replace r reassign such persnnel and/r subcntract t qualified third persns part r all f the perfrmance f any Security Optimizatin Service hereunder. Shuld Custmer request the remval r reassignment f any Cisc persnnel at any time; hwever Custmer shall Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

2 Page 2 f 1 be respnsible fr extra csts relating t such remval r reassignment f Cisc persnnel. Cisc shall nt have any liability fr any csts, which may ccur due t prject delays due t such remval r reassignment f Cisc persnnel. General Respnsibilities f Custmer General Services Custmer shall cmply with the fllwing bligatins fr General Services fr any Security Optimizatin Service specified in the Qute: Designate at least tw (2) but nt mre than six (6) technical representatives, wh must be Custmer's emplyees in a security engineer r administratr rle, t act as the primary technical interface t the Cisc designated engineer(s). Custmer will designate as cntacts senir engineers with the authrity t make any necessary changes t the Netwrk cnfiguratin. One individual, wh is a senir member f management r technical staff, will be designated as Custmer s primary pint f cntact t manage the implementatin f services under this Service Descriptin (e.g., chair the weekly cnference calls, assist with priritizatin f prjects and activities). Ensure key engineering, netwrking and peratinal persnnel are available t participate in interview sessins and review reprts as required by Cisc in supprt f Service. Custmer's technical assistance center shall maintain centralized netwrk and security management fr its Netwrk supprted under this Service Descriptin, capable f prviding Level 1 and Level 2 supprt. Prvide reasnable electrnic access t Custmer's Netwrk t allw the Cisc designated engineer t prvide supprt. Custmer agrees t make its prductin, and if applicable, test Netwrk envirnment available fr installatin f Data Cllectin Tls. Custmer shall ensure that Cisc has all relevant Prduct infrmatin needed fr an assessment. If Cisc prvides Data Cllectin Tls r scripts lcated at Custmer's site, Custmer shall ensure that such Data Cllectin Tls r scripts are lcated in a secure area, within a Netwrk envirnment prtected within a firewall and n a secure LAN, under lck and key and with access restricted t thse Custmer emplyee(s) r cntractr(s) wh have a need t access the Data Cllectin Tls and/r a need t knw the cntents f the utput f Data Cllectin Tls. In the event Data Cllectin Tl prvided by Cisc is Sftware, Custmer agrees t make apprpriate cmputers available and dwnlad Sftware as needed. Custmer shall remain respnsible fr any damage t r lss r theft f the Data Cllectin Tls while in Custmer s custdy. Prvide a Netwrk tplgy map, cnfiguratin infrmatin, and infrmatin f new features being implemented as needed. Prvide requirements dcumentatin, lw-level and high- level designs, implementatins plans, and test plans as required fr specific services. Ntify Cisc immediately f any majr security plicy (e.g. firewall rule change; Cisc ISE plicy change) r Netwrk changes (e.g. tplgy; cnfiguratin; new IOS releases; mves, adds, changes and deletes f devices). In the event the Netwrk r Security cmpsitin is altered, after this Service Descriptin is in effect, Custmer is respnsible t ntify Cisc in writing within ten days (10) f the change. Cisc may require mdificatins t the fee if the Netwrk cmpsitin has increased beynd the riginal pricing qute fr Services. Create and manage an internal alias fr cmmunicatin with Cisc. Retain verall respnsibility fr any business prcess impact and any prcess change implementatins. Supply the wrkplace plicies, cnditins and envirnment in effect at the Custmer s facility. Prvide prper security clearances and/r escrts as required t access the Custmer s facility. Custmer agrees that it will nt hire a current r frmer emplyee f Cisc, wh is invlved in the Services under this Service Descriptin, during the term f the Service and fr a perid f ne (1) year after the terminatin f the Service. As liquidated damages, and nt as a penalty, shuld Custmer hire a current r frmer Cisc emplyee wh is invlved in the Services under this Service Descriptin, Custmer shall pay t Cisc three (3) times the annual cmpensatin f such emplyee n the date the emplyee is hired. If payment is nt made n such date, the liquidated damage payment shall be six (6) times the annual cmpensatin f such emplyee. In additin t the General Respnsibilities, Cisc and the Custmer each shall cmply with bligatins as required fr Integratin (CON-AS- SEC) and Advisry (CON-AS-SECADV) security services shwn belw. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

3 Page 3 f 1 Specific Integratin Service Details (CON-AS-SEC) This sectin prvides the service details fr the fllwing Integratin services: Netwrk Device Security Assessment (NDSA) Security Advanced Change Supprt (Security Advanced CS) Security Change Supprt (Security CS) Security Cyber Range (Security CR3) Security Cyber Range (Security CR5) Security Design Develpment Supprt (Security DDS) Security Design Review and Supprt (Security DRS) Security Health Check (Security HC) Security Issue Reslutin and Planning Supprt (Security IRPS) Security Kick-Start Supprt (SKSS) Security Knwledge Service (Security KS) Security Netwrk Cnsulting Supprt (Security NCS) Security Onging Flexible Supprt (Security OFS) Security Perfrmance Tuning Supprt (Security PTS) Security Practive Sftware Recmmendatins (Security PSR) Security Remte Knwledge Transfer (Security RKT) Security Strategy and Planning Supprt (SSPS) Security Technlgy Readiness Assessment (STRA) Security Validatin and Testing Premier Supprt (Security VTPS) Security Validatin and Testing Supprt (Security VTS) Sftware Security Alert (SSA) Netwrk Device Security Assessment Specific Service Respnsibilities f Cisc Cisc will cnsult with the Custmer t prvide a review f the NDSA service, answer questins, and establish mutually-agreed upn expectatins fr the scpe f the assessment and the level f device cnfiguratin sampling. Netwrk Device Security Assessment may include, amng ther infrmatin, the fllwing: Assess up t 350 Cisc device cnfiguratins, but nly 10 f thse devices may be firewalls. Review f Custmer s device security templates. Prvide an encrypted methd fr the custmer t prvide device cnfiguratins and plicies. Analyze device cnfiguratins fcused n cnfiguratin security hardening f the individual devices. Analyze firewall rules fr cmmn cnfiguratin issues. Prvide secure encrypted delivery f the Assessment Reprt, which will include: Gap assessment cmparing Custmer s current practices t Cisc s recmmended best practices, and Priritized list f discvered vulnerabilities and mst critical findings. An interactive presentatin f findings, analysis, and recmmendatins. The deletin, remval, and destructin f cllected custmer data (device list, device cnfiguratins, and device plicies) frm Cisc repsitries. The deletin, remval, and destructin f all draft versins f the assessment reprt. Specific Service Respnsibilities f the Custmer Custmer agrees t prvide individuals with apprpriate expertise and infrmatin abut the netwrk devices t meet with Cisc t prvide infrmatin n the Custmer desired gals and utcmes f the assessment, and insights int relevant business and technical requirements. Once the specialized assessment team has started analyzing cnfiguratins, the device list and cnfiguratins may nt be changed. Custmer is respnsible fr the fllwing: Prvide a list f up t 350 devices, f which 10 may be firewalls, t be included in the assessment. Supply all listed device cnfiguratins and versins in a secure, encrypted manner. Ensure all device cnfiguratins and versins are accurate and up-t-date. Cnfirm that cnfiguratins submitted match the Custmer device list. Ensure all relevant Custmer stakehlders attend the Cisc interactive presentatin f findings, analysis, and recmmendatins. Review and submit cmments and requests fr changes within 10 business-days f the Cisc interactive presentatin f findings, analysis, and recmmendatins. Request in writing by an authrized persn, the destructin f the finalized assessment frm Cisc repsitries. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

4 Page 4 f 1 Security Advanced Change Supprt Specific Service Respnsibilities f Cisc Security Advanced Change Supprt cnsists f a Cisc Security Cnsulting Engineer t supprt design f Custmer plans (netwrk drawings, implementatin plan, test plan rllback plan), and cnfiguratin changes (device cnfiguratins and cabling changes). Emergency Changes. Cisc s ability t supprt an emergency change is dependent n availability f resurce. Cisc has n bligatin t supprt an emergency change if Cisc is unable t assign a Cisc Security Cnsulting Engineer t supprt the change. Planned Changes. Fr planned changes (scheduled twenty-ne (21) calendar days in advance), Cisc will have a Cisc Security Cnsulting Engineer assigned. During the change windw, the Cisc Security Cnsulting Engineer will bserve, prvide input and feedback, and will engage directly when authrized. In the case f a rllback, the Cisc Security Cnsulting Engineer will supprt de-briefing activities, lessnslearned, and mving frward planning. The Cisc Security Cnsulting Engineer will supprt pst-change effrts t validate stability and peratinal functinality. Other Cisc respnsibilities include: Plan Develpment and review f existing plans (e.g., netwrk drawings, implementatin plan, test plan, rllback plan). Review with Custmer fr input, recmmendatins and feedback n plans. Plan Develpment and review f planned changes (e.g., device cnfiguratins, cabling changes). Prvide Change Plan and Device Cnfiguratins Reprt. Change Supprt Windw (e.g., trubleshting supprt, implementatin supprt, supprt relevant Custmer pened TAC cases). Pst- Change Implementatin Supprt (e.g., trubleshting supprt, perfrmance review, stabilizatin effrts). Limitatins: Changes may nt include mre than tw (2) security devices r tw (2) pairs f security devices (e.g., active-standby firewall pairs). Changes may nt include mre than ten (10) netwrk devices. Cisc will determine the cntent and frmat f the deliverable. A change supprt windw may nt be lnger than eight (8) hurs. There may be n mre than tw (2) change supprt windws. Change supprt windws may be after Standard Business Hurs. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Designate persn(s) frm within its technical supprt rganizatin t serve as a liaisn t the Cisc designated engineer. Prvide its designated persn(s) with instructins n prcess and prcedure t engage the Cisc designated engineer. Prvide Schedule, Change Windw Infrmatin, change cntrl prcess, escalatin prcess, standard perating prcedures, relevant nmenclature, and any ther knwn, relevant cnstraints. Supprt develpment and review change plans (e.g., netwrk drawings, implementatin plan, test plan, rllback plan) with Cisc designated engineer. Prvide recmmendatins and feedback n plans; prvide explicit acceptance and rejectins f recmmendatins. Supprt develpment and review planned changes (e.g., device cnfiguratins, cabling changes) with Cisc security engineer. Prvide recmmendatins and feedback n planned changes; prvide explicit acceptance and rejectins f recmmendatins. Prvide reasnable electrnic access t Custmer's Netwrk and security devices t enable Cisc in prviding supprt. Custmer is respnsible fr migrating any cntent t a Custmer template r any custmizatins. Custmer is respnsible fr any Custmer-specific frms, dcuments, scheduling respnsibilities, Custmer internal prcesses, etc. Custmer is respnsible fr pening any cases with vendr s technical assistance center during change windw (e.g. Cisc TAC) Custmer is respnsible fr making cnfiguratin changes t devices. Security Change Supprt Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

5 Page 5 f 1 Specific Service Respnsibilities f Cisc Under Security Change Supprt (Security CS), Cisc will prvide a Cisc designated engineer available during scheduled (planned r emergency) changes t the netwrk, security devices, and security plicies fr the prductin envirnments. Emergency Changes. Cisc s ability t supprt an emergency change is dependent n availability f resurce. Cisc has n bligatin t supprt an emergency change if Cisc is unable t assign a Cisc designated engineer t supprt the change. Planned Changes. Fr planned changes (scheduled twenty-ne (21) calendar days in advance), Cisc will have a Cisc designated engineer assigned. During the change windw, the Cisc designated engineer will bserve, as the plan is executed, prvide recmmendatins and feedback as needed, and will engage directly when authrized. In the case f a rllback, the Cisc designated engineer will supprt de-briefing activities, lessns-learned, and mving frward planning. The Cisc designated engineer will supprt pstimplementatin effrts t check the stability and peratinal functinality. The activities assciated with this service shuld nt exceed a perid f seven (7) calendar days and will include the fllwing: Review f Custmer plans (e.g., netwrk drawings, implementatin plan, test plan, rllback plan). Prvide recmmendatins and feedback n Custmer plans. Reviewing Custmer planned changes (e.g., device cnfiguratins, cabling changes). Prvide recmmendatins and feedback n Custmer planned changes. Change Windw Supprt (e.g., trubleshting supprt, implementatin supprt, supprt relevant Custmer pened TAC cases). Supprt f Pst-Implementatin Plan (e.g., trubleshting supprt, perfrmance review, stabilizatin effrts). Reactive Supprt: Security Change Supprt is intended fr planned changes. Hwever, Custmers may leverage/apply entitlement fr this service fr reactive situatins that are unrelated t planned changes. In these instances, Cisc wuld prvide the fllwing: Prvide technical evaluatin f initial TAC prblem diagnsis based n knwledge f Custmer s netwrk, Prvide technical evaluatin f prpsed unscheduled change t Netwrk, and, Prvide technical representatin in regularly scheduled cnference calls. Fr reactive situatins (e.g., device failure, netwrk utage), Custmer may leverage the Security Change Supprt service fr lifeline supprt; hwever, the fllwing cnditins apply: Custmer must pen a service request with the vendr s technical assistance center (e.g. Cisc TAC) prir t requesting supprt under Security Change Supprt. Entitlement fr 1 unit f change supprt may nt exceed frty (40) hurs f supprt. Entitlement fr 1 unit f change supprt may nt exceed seven (7) calendar days. Rt cause analysis is explicitly excluded; the Security Issue Reslutin and Planning Supprt ffers supprt fr rt cause analysis. Limitatins: A change supprt windw may nt be lnger than eight (8) hurs. There may be n mre than tw (2) change supprt windws. Change supprt windws may be after Standard Business Hurs. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Designate persn(s) frm within its technical supprt rganizatin t serve as a liaisn t the Cisc designated engineer. Prvide its designated persn(s) with instructins n prcess and prcedure t engage the Cisc designated engineer. Prvide Schedule, Change Windw Infrmatin, change cntrl prcess, escalatin prcess, standard perating prcedures, relevant nmenclature, and any ther knwn, relevant cnstraints. Prvide and Review Custmer changes plans (e.g., netwrk drawings, implementatin plan, test plan, rllback plan) with Cisc security engineer. Cnsider Cisc s recmmendatins and feedback n Custmer plans; prvide explicit acceptance and rejectins f recmmendatins. Prvide Custmer planned changes (e.g., device cnfiguratins, cabling changes) with Cisc security engineer. Cnsider recmmendatins and feedback n Custmer planned changes; prvide explicit acceptance and rejectins f recmmendatins. Prvide reasnable electrnic access t Custmer's Netwrk and security devices t enable Cisc in prviding supprt. Making cnfiguratin changes t devices. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

6 Page 6 f 1 Fr Reactive Supprt (e.g., device failure, netwrk utage) unrelated t planned changes, Custmers may leverage entitlement fr Security Change Supprt t request assistance. Custmer respnsibilities in such cases include: Opening a service request with the vendr s technical assistance center (e.g. Cisc TAC) prir t requesting entitlement fr reactive supprt. Ensure that Cisc security engineer has access t TAC case and ntes, if nn-cisc TAC. Ensure that Cisc security engineer is included n all calls and discussins with TAC. Review with Cisc security engineer any prpsed changes. Security Cyber Range Small Specific Service Respnsibilities f Cisc Under Security Cyber Range, Cisc prvides a specialized technical training wrkshp t help security staff build the skills and experience necessary t cmbat mdern cyber threats. Cisc activities may include: Prvide Custmer with wrkshp requirements. Prvide Custmer with wrkshp agenda. Cnduct Cyber Range wrkshp. Prvide standard Cyber Range wrkshp envirnment hused at a Cisc lab via remte VPN. Prvide wrkshp attendees with wrkshp Attendance Certificate. Prvide wrkshp attendees with a Service Cmpletin Certificate. Limitatins: Wrkshps are limited t twelve (12) attendees. Wrkshps are limited t three (3) days n-site at a single Custmer lcatin during Standard Business Hurs excluding Cisc hlidays, lcally recgnized cuntry hlidays, vacatins and training days, r if bth Custmer and Cisc agree, the wrkshp may be held at a designated Cisc lcatin. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Designate a single pint f cntact fr all Cisc cmmunicatin. This persn has the authrity t act n all aspects f the service being perfrmed. Designate a backup cntact when Custmer cntact is unavailable. This persn has the authrity t act n all aspects f the service in absence f the primary cntact. Prvide reasnable access t Custmer site and facilities including, where applicable, cmputer equipment, telecm equipment, facilities and wrkspace. Custmer shall prvide prper security clearance and/r escrts as required t access equipment and/r lab facilities etc. Ensures that cntracts with its wn vendrs, end users, and third parties are fully executed and reflect the crrect terms t enable service delivery. Custmer is respnsible fr the management, supprt, and directin f the resurce supplied t Custmer by Cisc. Prvide Cisc with a cnnectin t the Internet t access the Cyber Range wrkshp envirnment hused at a Cisc lab if the wrkshp is cnducted at Custmer site. Custmer cnfirms wrkshp requirements are fulfilled tw (2) weeks prir t wrkshp. Prvide list f up t twelve (12) wrkshp attendee names. Attend Cyber Range Wrkshp at scheduled times. Security Cyber Range Large Specific Service Respnsibilities f Cisc Under Security Cyber Range, Cisc prvides a specialized technical training wrkshp t help security staff build the skills and experience necessary t cmbat mdern cyber threats. Cisc activities may include: Prvide Custmer with wrkshp requirements. Prvide Custmer with wrkshp agenda. Cnduct Cyber Range wrkshp. Prvide standard Cyber Range wrkshp envirnment hused at a Cisc lab via remte VPN. Prvide wrkshp attendees with wrkshp Attendance Certificate. Prvide wrkshp attendees with a Service Cmpletin Certificate. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

7 Page 7 f 1 Limitatins: Wrkshps are limited t twelve (12) attendees. Wrkshps are limited t five (5) days n-site at a single Custmer lcatin during Standard Business Hurs excluding Cisc hlidays, lcally recgnized cuntry hlidays, vacatins and training days, r if bth Custmer and Cisc agree, the wrkshp may be held at a designated Cisc lcatin. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Designate a single pint f cntact fr all Cisc cmmunicatin. This persn has the authrity t act n all aspects f the service being perfrmed. Designate a backup cntact when Custmer cntact is unavailable. This persn has the authrity t act n all aspects f the service in absence f the primary cntact. Prvide reasnable access t Custmer site and facilities including, where applicable, cmputer equipment, telecm equipment, facilities and wrkspace. Custmer shall prvide prper security clearance and/r escrts as required t access equipment and/r lab facilities etc. Ensures that cntracts with its wn vendrs, end users, and third parties are fully executed and reflect the crrect terms t enable service delivery. Custmer is respnsible fr the management, supprt, and directin f the resurce supplied t Custmer by Cisc. Prvide Cisc with a cnnectin t the Internet t access the Cyber Range wrkshp envirnment hused at a Cisc lab if the wrkshp is cnducted at Custmer site. Custmer cnfirms wrkshp requirements are fulfilled tw (2) weeks prir t wrkshp. Prvide list f up t twelve (12) wrkshp attendee names. Attend Cyber Range Wrkshp at scheduled times. Security Design Develpment Supprt Specific Service Respnsibilities f Cisc Cisc respnsibilities under Security Design Develpment Supprt are limited up t ne (1) cmplex slutin set (e.g., Cisc ISE, Cisc Secure ACS, 802.1x deplyments) r ne (1) nn-cmplex slutin set up t frty (40) devices and include the fllwing: Prvide a Design Develpment Questinnaire Assist with r create Custmer Requirements Dcument, as identified in the Qute Review Custmer s requirements dcumentatin and re-validate the requirements with Custmer. Assist with either the High-Level Design Dcument r the Lw-Level Design Dcument. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Prvide a cmpleted Design Develpment Questinnaire, which will capture infrmatin such as the existing netwrk infrastructure design, existing security infrastructure designs, planned designs, further grwth requirements and additinal custmer requirements. Prvide either the lw-level r high-level design dcument describing the specific set f technical requirements and design gals and specifying the resulting Custmer Netwrk architecture and build-ut plans t meet thse requirements. The level f details must be sufficient t be used as input t an implementatin plan. Prvide r extract additinal infrmatin required in the design effrt (e.g., current and planned traffic characteristics). Prvide dcumentatin f any business requirements and technical requirements fr the new design. Ensure all relevant custmer stakehlders attend the Cisc interactive presentatin f the Design Dcument recmmendatins. Review and submit cmments and requests fr revisins within 10 business-days f the Cisc interactive presentatin f the Design Dcument. Security Design Review and Supprt Specific Service Respnsibilities f Cisc Cisc will cnsult with Custmer via a series f remte meeting, up t 40 hurs f supprt, t develp a thrugh understanding f Custmer s security design requirements and will perfrm the fllwing: Review f Custmer s design requirements, pririties, and gals. Review f security architecture and tplgy. Address design related questins. Analysis f impact f new requirements n existing netwrk. Review and supprt f prtcl design, selectin and cnfiguratin. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

8 Page 8 f 1 Review and supprt f feature design, selectin and cnfiguratin. Review f device security cnsideratins. Infrmal recmmendatins r advice abut a security design. Help Custmer reslve minr design-related issues Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Prvide the lw level design dcument describing the specific set f technical requirements and design gals specifying the resulting Custmer Netwrk architecture and build-ut plans t meet thse requirements. The level f details must be sufficient t be used as input t an implementatin plan. Ensure key detailed design stakehlders and decisin-makers are available t participate during the curse f the Service. Prvide r extract additinal infrmatin required in the design effrt (e.g., current and planned traffic characteristics). Prvide dcumentatin f any business requirements and technical requirements fr the new design. Prvide infrmatin n any current and planned traffic characteristics r cnstraints. Security Health Check Specific Service Respnsibilities f Cisc Cisc will perfrm a Security Health Check, limited t up t ne (1) slutin set r ne (1) cmplex system (e.g., Cisc ISE, Cisc Secure ACS, 802.1x deplyments) and up t twenty (20) devices respnsibilities. Respnsibilities will include: Review Custmer s Security Health Check Request Questinnaire. Establish health check requirements, strategies, and schedules with Custmer. Analyze cnfiguratin and plicy implementatins and align them with crprate security plicies and prcedures, and Cisc best practices, Analyze security devices. Recmmend tuning changes t plicy and devices cnfiguratins. Recmmend design r architecture reviews, if needed. Identify relevant under-utilized prduct and slutin capabilities. Cnduct an Infrmal Knwledge Transfer n identified, relevant under-utilized capabilities (up t 2 hurs in duratin). Perfrm ne (1) interactive tuning sessin with Custmer t implement tuning recmmendatins. Prvide a Security Health Check Reprt Limitatins: Perfrmance tuning may be after Standard Business Hurs. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Cmplete the Security Health Check Request Questinnaire. Review cmpleted Security Health Check Request Questinnaire with Cisc. Establish health check requirements, strategies, and schedule with Cisc. Prvide electrnic access t Cisc t devices such that analysis and tuning may be cmpleted. Review and authrize Cisc s recmmendatins fr tuning. Change management and scheduling f perfrmance tuning. Assisting with interactive tuning sessin with Cisc t implement tuning recmmendatins. Security Issue Reslutin and Planning Supprt Specific Service Respnsibilities f Cisc Cisc will review the security issues, identify the cause, and test and validate t cnfirm the issues have been identified with a prpsed plan t address the issues. Cisc respnsibilities include: Cllect all relevant infrmatin regarding the issue. Analyze infrmatin. Review f Custmer s device security gals and requirements. Prvide secure, encrypted methd fr the Custmer t prvide device cnfiguratins and plicies. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

9 Page 9 f 1 Interactive presentatin f findings, analysis, and recmmendatins. Limitatins: Given the variety f situatins and issues that may be encuntered in prductin envirnments, issues may require a variety f services t cmpliment this service. Fr example: Security VTS r Security VTPS may be required t test and cnfirm causes in a lab envirnment. Design-related issues may require design-related services t prduce a viable plan. Security IRPS prvide insight in causes and a plan fr reslving; hwever, executing the plan may require fllw-n services. Other limitatins include: There is n guarantee that the rt-cause analysis will result in a rt-cause being identified r cnfirmed. Reasnable effrts will be made t prvide cnclusive findings and an issue reslutin plan. Regardless, entitlement f an apprpriate number f service units will be retired. Fr example, after a reasnable effrt, including a Security VTPS lab recreate, t deduce the rt-cause failure f ne (1) security device that results in n-prblem fund, entitlement t ne (1) unit f Security IRPS and ne (1) unit f Security VTPS will be retired. Cisc Services may have t defer t prduct develpment engineering. Wrk may ccur after Standard Business Hurs. Each unit f Security IRPS includes: Up t ne (1) rt-cause analysis; althugh, there may be multiple cntributing causes. Up t six (6) security and/r netwrk devices. Limited up t 80 hurs. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Supply all listed device cnfiguratins and versins in a secure, encrypted manner. Ensure all device cnfiguratins and versins are accurate and up-t-date. Ensure all relevant custmer stakehlders attend the Cisc interactive presentatin f findings, analysis, and recmmendatins. Designate persn(s) frm within its technical supprt rganizatin t serve as a liaisn t the Cisc designated engineer. Prvide reasnable electrnic access t Custmer's Netwrk and security devices t enable Cisc in prviding supprt. Open any necessary cases with vendr s technical assistance center (e.g. Cisc TAC). Security Kick-Start Supprt Kick-Start Supprt is generally initiated fllwing the cmpletin f a Security Health Check where Cisc has identified prduct r slutin capabilities that the Custmer may be under-utilizing. Cisc will cnsult with the Custmer t establish a plan and schedule fr the Security Remte Knwledge Transfer, Security Design Review and Supprt, Security Change Supprt, and Security Perfrmance Tuning further defined in this Service Descriptin. Security Knwledge Service Specific Service Respnsibilities f Cisc Cisc will prvide Security Knwledge Service, thrugh a secure web-based prtal ( Prtal ). In additin t the security prduct and technlgy knwledge services included in this service, the Custmer will als be prvided with access t the fundatinal Netwrk Infrastructure Mdular Knwledge Service at n additinal charge. Cisc respnsibilities include: Custmer user accunt creatin fr the Prtal. Assist with getting the Security Knwledge Service peratinal with apprpriate authenticatin and authrizatins fr user cmmunity. Release security cntent t the registered number f authrized viewers. Security cntent may be white papers, case studies, design guides, cnfiguratin guides, trubleshting guides, training dcuments, deplyment guides, r nline bks and/r manuals. Archive Custmer-specific deliverables when delivered as part f an Advanced Services subscriptin engagement. Update Security cntent as Cisc may revise, update, and/r remve previusly-released multimedia clips and/r cntent. Specific Service Respnsibilities f the Custmer Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

10 Page 10 f 1 Custmer respnsibilities include: Designate persn(s) t be respnsible fr management f prtal accunts within user cmmunity. Prvide list f initial set f users t be authrized n the prtal. Security Netwrk Cnsulting Supprt Where available, Cisc will prvide Netwrk Cnsulting Supprt in the frm f a designated engineer ( Advanced Services Engineer ) t act as the primary interface with Custmer, prviding general advice and guidance related t Custmer s Netwrk, assessment recmmendatins, and remediatin plans, up t five days per week (pending lcal wrk restrictins) during Standard Business Hurs excluding Cisc hlidays, lcally recgnized cuntry hlidays, vacatin, and training days. Custmer directed tasks t be perfrmed by the Advanced Services Engineer are subject t Cisc apprval, which shall nt be unreasnably withheld.. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Prvide Cisc with directin f activities and prjects n which the Custmer needs the Cisc engineer t engage. Security Onging Flexible Supprt Cisc will prvide infrmal, Onging Flexible Supprt fr incremental changes t the netwrk security architecture. This flexible supprt may be applied t ther wrk items within Security Optimizatin Service and 1 Unit is limited t 40 hurs f assigned engineer s time. Cisc engineers will be assigned as wrk items are selected thrughut the term f the service cntract. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Prvide Cisc with details arund what type f supprt is needed when a request is made. Security Perfrmance Tuning Supprt Specific Service Respnsibilities f Cisc Cisc will prvide Security Perfrmance Tuning Supprt, cnsisting f the fllwing: Meet with Custmer t review Security Perfrmance Tuning Supprt Questinnaire. Meet with Custmer t establish perfrmance tuning requirements, strategies, and schedule. Analyze cnfiguratin and plicy implementatins and align them with crprate security plicies and prcedures, and Cisc best practices, Analyze security devices. Recmmend tuning changes t plicy and devices cnfiguratins. Recmmend design r architecture reviews, if needed. Perfrm ne (1) interactive tuning sessin with Custmer t implement tuning recmmendatins. Prvide an infrmal ( ) summary f key findings, tuning recmmendatins, and tuning perfrmed. An additinal unit f Security Perfrmance Tuning Supprt will be charged t the Custmer in the event frmal dcumentatin is requested. Limitatins: Security Perfrmance Tuning Supprt is nt intended fr cmplex-systems and slutins, such as: Cisc ISE envirnments Cisc Secure ACS deplyments Netwrk devices supprting cmplex 802.1x deplyments Each unit f Security Perfrmance Tuning and Supprt includes: Up t ne (1) slutin set (e.g. firewall slutin, VPN slutin, intrusin preventin system) OR up t ne (1) security device type (e.g. multi-purpse security devices supprting firewall, VPN, and IPS. Fr slutin sets: Up t five (5) devices within given slutin set fr the first Security PTS unit. Fr slutin sets: Up t five (5) additinal devices fr additinal Security PTS units IF a new slutin set is added. Fr example, if the Security PTS includes firewall and VPN slutins then tw Security PTS units allws up t ten (10) firewall and/r VPN devices t be analyzed and tuned. Fr slutin sets: Up t fifteen (15) additinal devices fr additinal Security PTS units IF the slutin set des nt change. Fr Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

11 Page 11 f 1 example, if the Security PTS includes a VPN slutin then tw Security PTS units allws up t twenty (20) VPN devices t be analyzed and tuned. Fr security device type: up t tw (2) security devices. Wrk may ccur after Standard Business Hurs. Specific Service Respnsibilities f the Custmer Custmer is respnsible fr the fllwing: Cmplete the Security Perfrmance Tuning Supprt Questinnaire. Meet with Cisc t review Security Perfrmance Tuning Supprt Request Frm Meet with Cisc t establish perfrmance tuning requirements, strategies, and schedule. Prvide electrnic access t Cisc t devices such that analysis and tuning may be cmpleted. Reviewing and authrizing Cisc s recmmendatins fr tuning. Change management and scheduling f perfrmance tuning. Assisting with interactive tuning sessin with Cisc t implement tuning recmmendatins. Security Practive Sftware Recmmendatins Specific Service Respnsibilities f Cisc Cisc will prvide practive sftware recmmendatins that evaluate the varius Security Sftware versins against internal Cisc caveat databases. Cisc will be respnsible fr the fllwing: Prvide the Security PSR Questinnaire. Gather Custmer prvided Security Sftware infrmatin, feature, functinality and capability requirements. Review the new Security Sftware features requested by the Custmer. Dcument all features t be included in the Security Sftware Recmmendatin Evaluate the installed Sftware releases and new versins fr interperability issues and the ability t supprt current and future business and technical requirements. Prvide detailed reprt including knwn caveats t which Custmer may be expsed and if pssible, apprpriate wrkarunds fr current and future business and technical bjectives. Limitatins: Each unit f the Security Practive Sftware Recmmendatin includes: Up t ne (1) sftware recmmendatin fr ne (1) Cisc prduct. Up t three (3) feature set prfiles, based n up t five (5) sample cnfiguratins fr each prfile, prvided by custmer as representatives f deplyed prducts. Specific Service Respnsibilities f the Custmer Custmer is respnsible fr the fllwing: Cmplete the Security PSR questinnaire. Prvide Cisc with sample cnfiguratins fr the Sftware being reviewed. Prvide Cisc with a netwrk diagram shwing the devices and their relatinship t ther equipment in the Custmer netwrk. Prvide Cisc with a list f required new features that need t be supprted by the sftware t be reviewed. Review and accept the list f features t be included in the recmmendatin as prvide by Cisc. Review and apprve the recmmendatin results if it meets all requirements f the Custmer. Security Remte Knwledge Transfer Specific Service Respnsibilities f Cisc Cisc will cnsult with Custmer t identify requirements and tpics fr infrmal training sessins. Remte Knwledge Transfer Sessins are: Delivered in English (ther languages subject t availability), Delivered remtely fr up t fur (4) hurs in length, with n labs and n printed curse materials, Relevant t the Cisc prducts and technlgies deplyed in Custmer s prductin Netwrk. Frmal knwledge transfer sessins fcusing n best practices fr perating, tuning, maintaining, and managing Cisc security slutins Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

12 Page 12 f 1 Infrmal technical updates n a tpic that is mutually agreed upn and relevant t security technlgies, and, Chalk talks, Shadwing and mentring as needed t assist yur staff in assuming respnsibility fr Cisc security slutin, Onging cnsultatin t answer questins as needed fr 30 days after a deplyment. Specific Service Respnsibilities f the Custmer Custmer is respnsible fr the fllwing: Prvide details n desired/requested tpics Custmer wants t see cvered during the knwledge transfer and mentring sessins. Prvide backgrund infrmatin n the Custmer participant skill sets fr the knwledge transfer r mentring sessins. Prvide Custmer facilities and equipment (such as cnference rms, white bards, prjectrs) and make them available t hst the infrmal technical update sessins. Security Strategy and Planning Supprt Specific Service Respnsibilities f Cisc Cisc will prvide strategic and tactical guidance via a series f meetings r wrkshp arund a Custmer selected security tpic fllwed by a wrkshp fr up t three (3) days t wrk thrugh the incubatin and strategy prcess cvering tpics that may include but are nt limited t security technlgies, clud, TrustSec and identity, IT GRC (Gvernance, Risk Management and Cmpliance), TeleWrking, management, data center and cllabratin security. Cisc respnsibilities include: Briefing Custmer n the service and service ptins. Cnduct a Custmer pre-planning wrkshp. Cnducting Custmer planning wrkshp. Capture synpsis and recmmendatins frm wrkshp. Pst-wrkshp analysis. Cnduct pst-wrkshp fllw-up meeting. Capture synpsis and final recmmendatins pst-wrkshp meeting. Create Wrk Summary and submit fr Custmer Review Limitatins: Each unit f Security Strategy and Planning Supprt includes: Up t three (3) majr challenge areas. Up t three (3) meetings r ne (1) full-day pre-wrkshp meeting. Up t three (3) days fr an nsite, ffsite, r TelePresence wrkshp. Up t three (3) fllw-up meetings r ne (1) full-day pst-wrkshp meeting. Up t fur (4) cncurrent Cisc participants. Specific Service Respnsibilities f the Custmer Custmer respnsibilities include: Ensure all key stakehlders participate in Cisc briefing n the service and service ptins. Ensure all key stakehlders participate in the Cisc cnducted meetings and wrkshps. Prepare fr wrkshp and prvide detailed briefing with supprting facts. Review and apprve the Wrk Summary Review. Security Technlgy Readiness Assessment Specific Service Respnsibilities f Cisc Cisc will wrk with Custmer t define the Custmer s business, technical and peratinal requirements, analyzing implementatin requirements fr a new security slutin and assess the readiness f Custmer s Netwrk devices, peratins, security plicies, and architecture t supprt the slutin Cisc is respnsible fr the fllwing: Deliver the STRA questinnaire at least seven (7) business days prir t design wrkshp. Cnduct design wrkshp t review STRA questinnaire. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

13 Page 13 f 1 Analyze implementatin requirements fr a new security technlgy and assess the readiness f Custmer s infrastructure, peratins, security plicies, and architecture t supprt the slutin. Develp Security Readiness Assessment Reprt t dcument findings and recmmendatins including recmmendatins fr mdificatins t the netwrk infrastructure and t cnfiguratin parameters fr applicatin perfrmance and availability. Cnduct an interactive meeting with the custmer t review all findings and develp steps t address gaps t ensure that the envirnment is ready t supprt the new technlgy. Limitatins: Each unit f Security Technlgy Readiness Assessment includes: Up t ne (1) security technlgy (i.e. Cisc ISE, AnyCnnect Remte VPN, 802.1x deplyments) Up t tw (2) netwrk segments with a ttal f up t ten (10) custmer device classes. A class is defined as a grup f devices (i.e. firewalls r ruters) with similar cnfiguratins. Specific Service Respnsibilities f the Custmer Custmer is respnsible fr the fllwing: Respnd t STRA questinnaire at least tw (2) business days prir t design wrkshp. Ensure that apprpriate custmer engineers and management participate in the design wrkshp. Actively participate in develpment f steps t address changes required t ensure the netwrk is ready t supprt the new technlgy. Security Validatin and Testing Premier Supprt Specific Service Respnsibilities f Cisc Cisc will cnsult with Custmer via a series f meetings t develp a thrugh understanding f Custmer s slutin-riented testing gals and requirements Cisc will execute netwrking tests and reprt findings t Custmer. Supprt may include, amng ther infrmatin, the fllwing: Prvide Custmer with Request fr Validatin and Testing Supprt Questinnaire, and a sample reprt. Review the Request fr Validatin and Testing Supprt Questinnaire. Meet with Custmer t discuss respnses t the Request fr Validatin and Testing Supprt Questinnaire, which may include the gals, business and technical requirements, testing methdlgy, Cisc standard validatin and testing deliverable dcument frmat. Create and review the Test Plan with Custmer. Prvide Custmer with requirements including lab facility, equipment, sftware, cabling, and interface requirements. Execute Test Plan upn Custmer acceptance f Test Plan and Testing Schedule. Perfrm and dcument Test Results Analysis. Review Validatin and Testing Reprt with custmer. Review Custmer feedback. Finalize and submit Validatin and Testing Reprt t Custmer. Prvide lcal supprt at the Cisc lab facility, as needed, during remte testing. Fr example: in the event f a cable r cnnectr failing during testing, then Cisc is respnsible fr prviding replacement cable r cnnectr. Prvide Lab facility, equipment, sftware, cables, cnnectrs, etc. required t perfrm testing. Set-up Lab, including rack and stack f equipment, cabling f pwer and netwrk cnnectins, cnfirmatin f pwer-n selftest f equipment, cnfirmatin f sftware versin, and initial device cnfiguratins. Cisc will utilize the fllwing services and lab equipment t deliver Security VTPS 320 t 400 hurs f Expertise, Test Engineer 80 Hurs f Prgram management Up t $1.5M GPL List f HW (Included) Limitatins: Each unit f Security Validatin and Testing Supprt includes: Up t tw (2) weeks fr methdlgy develpment Up t tw (2) weeks fr test plan develpment. Up t ne (1) week fr Cisc site test lab setup Up t tw (2) weeks design validatin testing. Up t ne (1) week results analysis. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

14 Page 14 f 1 Mst engagements are between eight (8) and ten (10) weeks. Specific Service Respnsibilities f the Custmer Custmer is respnsible fr the fllwing: Cmplete the Request fr Validatin and Testing Supprt Questinnaire, which may include infrmatin such as gals, business and technical requirements, desired features and functinality, netwrk diagrams, desired test plan and success criteria, and desired testing methdlgy. Prvide apprpriate prductin device cnfiguratins, if needed, fr testing. Prvide a designated single pint f cntact with authrity t apprve decisins. Prvide Custmer supprt as needed fr third-party r Cisc cmpetitr prducts. Prvide equipment (including shipping t Cisc lab) sme third-party r Cisc cmpetitr prducts. Security Validatin and Testing Supprt Specific Service Respnsibilities f Cisc Cisc will cnsult with Custmer via a series f meetings t develp a thrugh understanding f Custmer s slutin-riented testing gals and requirements Cisc will execute netwrking tests and reprt findings t Custmer. Supprt may include, amng ther infrmatin, the fllwing: Prvide Custmer with Request fr Validatin and Testing Supprt Questinnaire, and a sample reprt. Review the Custmer cmpleted Request fr Validatin and Testing Supprt Questinnaire. Meet with Custmer t discuss respnses t the Request fr Validatin and Testing Supprt Questinnaire, which may include the gals, business and technical requirements, testing methdlgy, Cisc standard validatin and testing deliverable dcument frmat. Create and review the Test Plan with Custmer. Prvide Custmer with requirements including lab facility, equipment, sftware, cabling, and interface requirements. Execute Test Plan upn Custmer acceptance f Test Plan and Testing Schedule. Perfrm and dcument Test Results Analysis. Review Validatin and Testing Reprt with custmer. Review Custmer feedback. Finalize and submit Validatin and Testing Reprt t Custmer. Limitatins: On Custmer Site / Lcatin Equipment supplied by Custmer. Up t ne (1) week fr testing setup. Up t tw (2) weeks f lab executin. 200 hurs f Expertise, Test Engineer. 40 Hurs f Prgram management. T&E as needed. Other limitatins include: Security Validatin and Testing Supprt is nt ffered in every gegraphy r lcatin. Specific Service Respnsibilities f the Custmer Custmer is respnsible fr the fllwing: Cmplete the Request fr Validatin and Testing Supprt Questinnaire, which may include infrmatin such as gals, business and technical requirements, desired features and functinality, netwrk diagrams, desired test plan and success criteria, and desired testing methdlgy. Prvide Lab facility, equipment, sftware, cables, cnnectrs, etc. required t perfrm testing. Prvide apprpriate prductin device cnfiguratins, if needed, fr testing. Set-up Lab, including rack and stack f equipment, cabling f pwer and netwrk cnnectins, cnfirmatin f pwer-n selftest f equipment, cnfirmatin f sftware versin, and initial device cnfiguratins (in cases such as prductin deplyment re-creatins). Prvide lcal supprt, as needed, during nsite and remte testing. Fr example: in the event f a cable r cnnectr failing during testing, then custmer is respnsible fr prviding replacement cable r cnnectr. Prvide Custmer supprt as needed fr sme third-party r Cisc cmpetitr prducts. Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc

15 Page 15 f 1 Sftware Security Alert Cisc will prvide practive analysis f the security advisries (PSIRTs) that Cisc generates when security issues are uncvered that may impact netwrks in which Cisc prducts perate and the necessary actin t repair and/r prtect the netwrk frm these issues. After Cisc publicly releases the security advisry, the assessment is delivered t the Custmer via the Sftware Security Alert (SSA). Cisc will prvide an analysis f the vulnerability and its reslutin with regard t its pssible impact n the Custmer s Security slutin. Analysis f hw a Cisc Security Advisry may r may nt affect Custmer s Netwrk, Recmmendatins t mitigate risk, and, List f affected r ptentially affected Netwrking devices. Specific Service Respnsibilities f the Custmer Custmer is respnsible fr the fllwing: Prvide Cisc with a designated cntact t handle all Security related annuncements. Specific Advisry Service Details (CON-AS-SECADV) This sectin prvides the service details fr the fllwing Advisry services: Incident Respnse Retainer Security Onging Flexible Supprt Security Cnsulting Services Security Prgram Assessment and Strategic Radmap Cmmercial Security Prgram and Cntrl Design Assessment Applicatin Architecture Assessment Applicatin Penetratin Assessment SDLC Imprvement Mbile Applicatin Assessment Netwrk Architecture Assessment Netwrk Penetratin Test Wireless Security Assessment Physical Security Assessment Scial Engineering Red Team Mbile Security Strategy Wrkshp Clud Security Strategy Wrkshp Clud Cmpliance Health Check Clud Architecture Assessment Security Metrics Wrkshp Third Party Assessment Privacy Impact Analysis Security/IT Risk Prgram Supprt Staff Augmentatin Infrmatin Security Prgram Develpment Infrmatin Security Risk Prgram Develpment Infrmatin Security Risk Assessment Security Metrics Prgram Develpment Third Party Risk Prgram Develpment Assessment f Organizatinal Alignment t ISO Assessment f Organizatinal Alignment t ISO HIPAA and HITECH Assessment PCI ASV Scanning Service PCI-DSS Readiness Assessment Enterprise Security Advisr Security Segmentatin Service Further, as a cnditin t Cisc prviding the fllwing Advisry Services, Custmer understands, acknwledges and agrees as fllws: Cntrlled Dc. #EDM Ver: 9.0Last Mdified:6/6/2017 8:03:13 AM Cisc Security Optimizatin Service.dc