Infragard Secure Access Agreement

INFRAGARD_secure-access-agreement

Standard SA Agreement (05/1999)

  • 8 pages
  • May 1999

Download

WHEREAS, InfraGard is a cooperative undertaking between the FBI and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of United States critical infrastructures;

WHEREAS, all InfraGard participants are committed to the proposition that a robust exchange of information about threats to and actual attacks on these critical infrastructures is an important element for successful infrastructure protection efforts; and

WHEREAS, the goal of InfraGard is to enable that information flow so that the owners and operators of infrastructure assets can better protect themselves and so that the United States government can better discharge its law enforcement and national security responsibilities.

NOW, THEREFORE, as parties to this Agreement, the FBI and the InfraGard Member agree as follows:

InfraGard Member Participation

1. InfraGard Secure Access Participation is Voluntary. The InfraGard Member is participating in InfraGard voluntarily and is not obligated as a condition of participation or by this Agreement to disclose any information to the FBI or to any other InfraGard participant. The InfraGard Member agrees to act consistent with the InfraGard National By-Laws, as may be amended from time to time, as well as any other duly enacted national requirements of InfraGard.

2. InfraGard Information is Submitted in Good Faith, but Otherwise is Without Warranty. In order to encourage the timely dissemination of information, the InfraGard Member undertakes no duty as a condition of participation in InfraGard to evaluate or verify information submitted to the FBI or to any other InfraGard participant, nor is any such duty imposed by this Agreement. Nothing contained in this Agreement shall constitute any representation or warranty, express or implied, by the InfraGard Member with respect to the accuracy, completeness, or usefulness of any information; or to the legitimate, or noninfringing,
ownership of the information by the InfraGard Member as against the patent, copyright, or other property rights of third parties. The InfraGard Member agrees that it will not submit information which it knows at the time of submission to be false and that it will submit information only in good faith to further InfraGard’s stated purposes. The InfraGard Member further agrees that InfraGard is not to be commercially exploited as a forum to market products or services.

3. InfraGard Information is Received Without Expectation of Warranty. The InfraGard Member acknowledges and agrees that information submitted by other InfraGard participants, and FBI alerts, website
postings, or other InfraGard-related communications, may be unevaluated and unverified, and that to the same extent as provided in Paragraph 2 above, no such information, alerts, postings, or communications shall constitute any representation or warranty. The InfraGard Member acknowledges and agrees that it must use its own judgment in assessing the nature and accuracy of all InfraGard-related information, and that the InfraGard Member is solely responsible and assumes all risk for taking, or not taking, any action based on such information.

4. InfraGard Information May Not Be Generally Disclosed. The InfraGard Member agrees that it will not disclose any information learned or obtained through InfraGard other than to another InfraGard participant that has executed an agreement substantially similar to this Agreement, unless such information has been expressly designated for public disclosure. This restriction applies against disclosures to any third parties as well as to any agent, representative, contractor, subcontractor, consultant, advisor or other individual or entity affiliated with the InfraGard Member, unless such individual or entity has executed or is otherwise bound by an agreement substantially similar to this Agreement. In furtherance of preventing the general disclosure of information learned or obtained through InfraGard, the InfraGard Member also agrees to exercise due care in disseminating among its own employees any information learned or obtained through InfraGard that has not been designated for public disclosure (“Secure Information”). Among its own employees, the InfraGard Member agrees that it will disclose Secure Information only to the extent an individual requires access to that information for security or systems administration purposes, and only after advising the employee of the terms of this Agreement and the requirement that the employee comply with this Agreement. The InfraGard Member further agrees to maintain a list, legible and kept current, bearing the names of each employee having access to any Secure Information over the prior 12 months, and to provide that list to the FBI should it so request. Nothing in this Agreement is meant to prohibit the InfraGard Member from using Secure Information to benefit the security or systems administration of a third party that has not executed an agreement substantially similar to this Agreement, provided that in doing so the InfraGard Member does not disclose the substantive content of the Secure Information.

Protection of Proprietary Information

5. Proprietary Information Defined. As used herein, “proprietary information” means any closely-held data or information not generally available to the public which is in the possession of the InfraGard Member and relates to, but is not limited to, products, methods, skills or operations developed or employed by the InfraGard Member, or privileged or confidential commercial or financial information of the InfraGard Member, which is disclosed to the FBI hereunder, and which the InfraGard Member desires to protect against unrestricted disclosure or competitive use or exploitation.

6. It is the InfraGard Member’s Responsibility to Identify Proprietary Information. Information which is to be protected hereunder as proprietary information shall (a) if in writing or other tangible form, be conspicuously labeled at the time of delivery as “Proprietary” or “Confidential,” together with the InfraGard Member’s name. Such legend shall appear conspicuously on each page of any document, material, or information containing any form of proprietary information, and any page not so marked shall be held to contain no proprietary information of any kind, unless prior to disclosure of particular documents,
materials, or information the parties agree in writing that all information contained therein is proprietary information; and (b) if oral or in any other intangible form, be identified as proprietary information prior to disclosure, be reduced to writing by the InfraGard Member, and be labeled as indicated in “(a)” above within fifteen (15) business days after its disclosure. Any information not so identified shall be held to contain no proprietary information of any kind.

7. The InfraGard Member Specifically May Designate Information For Further Disclosure. In order to facilitate the dissemination of information to other interested persons or entities, the InfraGard
Member may designate any or all of the information it submits to the FBI as “Public Information.” By so designating submitted information, the InfraGard Member expressly waives any and all claims that the
information, as submitted, is proprietary information and consents to its further release in furtherance of InfraGard’s aims. The InfraGard Member also may designate any or all of the information it submits to the FBI as “Secure Information,” with the intent that such information be limited in its disclosure to other InfraGard participants who have executed an agreement substantially similar to this Agreement.

8. The InfraGard Member May Correct Inadvertent Failures to Identify Proprietary Information. The InfraGard Member shall have the right to correct any inadvertent failure to designate information as proprietary information by written notification to the FBI. The FBI will then treat such information as proprietary information. Written confirmation of the proprietary nature of a prior disclosure shall indicate the date of disclosure, identify the persons privy to the initial disclosure, and append a summary or copy of the proprietary information disclosed.

9. Proprietary Information Disclosed to the FBI Under a Prior Non-Disclosure Agreement Retains Its Proprietary Status. Information disclosed by the InfraGard Member to the FBI prior to the effective date of this Agreement pursuant to the terms of a prior non-disclosure or similar agreement between the parties, the disclosure of which information (whether termed confidential, proprietary, or the like) was restricted under such agreement, shall retain that status and shall be treated as proprietary information by the FBI under the terms of this Agreement without further action on the part of the InfraGard Member.

10. Disclosure of Proprietary Information to the FBI Confers Upon the FBI Only Limited Rights. This Agreement shall not be construed as conferring upon the FBI any rights or license in any proprietary information disclosed to the FBI, except the limited right to use such information for the purpose of furthering InfraGard’s aims and the FBI’s law enforcement and national security responsibilities. No disclosure to the FBI of any proprietary information hereunder shall be construed to be a public disclosure of such proprietary information by the InfraGard Member for any purpose whatsoever.

11. The FBI Will Exercise Care to Protect Proprietary Information. The FBI agrees to use the same degree of care in protecting proprietary information received under this Agreement as it exercises in respect of its own sensitive information. The FBI agrees to restrict access to proprietary information received under this Agreement to only those United States government officers, employees, detailees, agents,
representatives, task force members, contractors, subcontractors, consultants, or advisors with a “need to know” such information, and other state or local law enforcement officials with a need to know such
information in the performance of official responsibilities compatible with InfraGard’s aims. The FBI agrees that anyone it gives access to information will be informed of the terms of this Agreement and required to comply with this Agreement. The FBI further agrees, to the extent allowed by law, that proprietary information received hereunder shall be protected from mandatory agency disclosure under Section 552(b)(4) (“Exemption 4”) of Title 5, United States Code (U.S.C.), the Freedom of Information Act (“FOIA”), and from publication, divulgence, or release in any other manner pursuant to the prohibitions of the Trade Secrets Act, 18 U.S.C. Section 1905.

12. Proprietary Information Exceptions. Notwithstanding any other provisions in this Agreement, the obligations of the FBI with respect to proprietary information shall not apply to any information which,

a. prior to the date of this Agreement was in the possession of the FBI free of any nondisclosure obligation;

b. is or becomes publicly available other than by unauthorized disclosure or is lawfully obtained from a third party by the FBI without obligation of protection;

c. is independently developed by the FBI without reference to proprietary information received hereunder;

d. is disclosed without similar restrictions to a third party by the InfraGard Member;

e. has been sanitized by the FBI so as to remove any reasonable likelihood of being linked to the InfraGard Member or used to the InfraGard Member’s financial or competitive disadvantage;

f. is identified in writing by the InfraGard Member as no longer proprietary;

g. is identified in writing by the InfraGard Member for disclosure;

h. is requested by either House of Congress or, to the extent of matter within its jurisdiction, by any committee or subcommittee thereof, any joint committee of Congress, or subcommittee of any such joint
committee;

i. is required to be disclosed pursuant to a valid order of a court of competent jurisdiction; provided, however, the FBI shall have first given notice to the InfraGard Member and made a reasonable effort to
obtain a protective order for proprietary information not designated for disclosure to other InfraGard participants; or,

j. is required to be disclosed to any government agency or as otherwise required to be disclosed by law, provided that before making such disclosures, the FBI shall give the InfraGard Member an adequate
opportunity to interpose an objection or take action to secure confidential handling of proprietary information not designated for disclosure to other InfraGard participants.

13. The InfraGard Member Will Not Seek or Misuse Any Other Participant’s Proprietary Information Without Consent. The InfraGard Member acknowledges and agrees that it shall not seek from the FBI, under FOIA or otherwise, proprietary information provided to the FBI by any other InfraGard participant having executed an agreement substantially similar to this Agreement. The InfraGard Member further agrees that it will not use any Secure Information for competitive advantage against another InfraGard participant. Notwithstanding any other provisions in this Agreement, the obligations of the InfraGard Member with respect to Secure Information shall not apply to any information which,

a. prior to the date of this Agreement was in the possession of the InfraGard Member free of any nondisclosure obligation;

b. is or becomes publicly available other than by unauthorized disclosure, or is lawfully obtained from a third party by the InfraGard Member without obligation of protection;

c. is independently developed by the InfraGard Member without reference to any Secure Information received hereunder;

d. is disclosed by the originator of the Secure Information, to a third party, without restrictions similar to those imposed under this Agreement;

e. is requested by either House of Congress or, to the extent of matters within its jurisdiction, by any committee or subcommittee thereof, any joint committee of Congress, or subcommittee of any such joint committee;

f. is required to be disclosed pursuant to a valid order of a court of competent jurisdiction; or,

g. is required to be disclosed to any government agency or is otherwise required to be disclosed by law.

FBI Use of Information

14. The FBI May Use for Official Purposes Any Information Disclosed By the InfraGard Member. The InfraGard Member acknowledges and agrees that nothing in this Agreement shall preclude the FBI in its sole discretion from using or providing access to any information the FBI receives, whether or not it is proprietary, for national security or law enforcement purposes or to respond to a Congressional order.

15. FBI Dissemination and Use of Information is Not Mandatory. Neither the FBI’s participation in InfraGard nor anything contained in this Agreement shall be deemed to impose any duty on the FBI, and the FBI assumes no duty, to disseminate, act upon, or fail to take actions based upon, information reported to the FBI. The InfraGard Member acknowledges and agrees that, consistent with the terms of this Agreement pertaining to the use of proprietary information, the FBI may in its sole discretion expedite, delay, edit, restrict, terminate or forego dissemination of information, or act or fail to act upon its receipt of information, in any particular case and with respect to any particular InfraGard participant.

Encryption

16. E-Mail Communications with the FBI Will Follow Encryption Procedures. The parties acknowledge and agree that all InfraGard communications to and from the FBI via electronic mail (e-mail) will be encrypted utilizing encryption software and procedures to be identified by the FBI. The encryption software will contain a key recovery component, the key recovery agent and key recovery procedures will
be as prescribed by the FBI, and any key recoveries will be coordinated with the FBI.

17. The InfraGard Member Has Certain Encryption Software Obligations. The InfraGard Member is responsible for the proper use (including conformance with any applicable license), care, security,
and protection of any encryption software provided by the FBI to the InfraGard Member or to any person or entity by reason of the InfraGard Member’s sponsorship. The InfraGard Member will return any such software to the FBI upon termination of InfraGard participation by the InfraGard Member (or by any person who has received individualized software from the FBI by reason of the InfraGard Member’s sponsorship) or immediately upon demand by the FBI. The InfraGard Member will immediately notify the FBI of any potential compromise of this software. The InfraGard Member understands that encryption software is restricted from export. The FBI may require the execution of a separate use/custody agreement by each person or entity who receives encryption software from the FBI for InfraGard purposes.

Covenants Not to Sue

18. Covenant Not to Sue Other InfraGard Participants. For itself and for its representatives, successors, and assigns, the InfraGard Member agrees that it will never institute, initiate, prosecute, or in any
way aid in any demand, action, suit, or other claim, legal or otherwise, against any other InfraGard participant having executed an agreement substantially similar to this Agreement, or the officers, directors, employees, agents, representatives, contractors/subcontractors, consultants, advisors, or successors thereof, on account of any damage, loss, injury, or expectation, developed or undeveloped, known or unknown, past, present, or future, arising from, in connection with, or in any way pertaining to the reporting, non-reporting, or use of information providing that such reporting, non-reporting, or use of information is in accordance with this Agreement. The InfraGard Member further expressly agrees, to the extent permitted by relevant state or federal law, to hold harmless and indemnify the same against loss from any and all claims that may hereafter be brought against the same by the InfraGard Member, or by anyone in its behalf, arising out of the reporting, non-reporting, or use of information providing that such reporting, non-reporting, or use of information is in accordance with this Agreement.

19. Covenant Not to Sue the United States. For itself and for its representatives, successors, and assigns, the InfraGard Member agrees that it will never institute, initiate, prosecute, or in any way aid in any demand, action, suit, or other claim, legal or otherwise, against the FBI, the Department of Justice, the United States or other agencies thereof, or the officers, employees, detailees, agents, representatives, task force members, contractors/subcontractors, consultants, or advisors thereof, on account of any damage, loss, injury, or expectation, developed or undeveloped, known or unknown, past, present, or future, arising from, in connection with, or in any way pertaining to the reporting, non-reporting, or use of information providing that such reporting, non-reporting, or use of information is in accordance with this Agreement, and the InfraGard Member further expressly agrees, to the extent permitted by relevant state or federal law, to hold harmless and indemnify the same against loss from any and all claims that may hereafter be brought against the same by the InfraGard Member, or by anyone in its behalf, arising out of the reporting, non-reporting, or use of information providing that such reporting, non-reporting, or use of information is in accordance with this Agreement.

Miscellaneous Provisions

20. InfraGard References Do Not Constitute an Endorsement by the United States. Reference by the FBI in any alert, website postings, reports, or other InfraGard-related communications to any specific
commercial entity, products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors of materials distributed by the FBI, including but not limited to materials which may be available on an InfraGard website, do not necessarily state or reflect those of the United States Government or any agency thereof. The InfraGard Member further acknowledges and agrees that neither this Agreement, nor participation in InfraGard by the InfraGard Member or by the FBI, in any way alters or effects the law and regulations (including but not limited to those codified at 18 U.S.C. §§ 701, 709) concerning the use of the FBI’s emblems, insignia, names, badges and identification cards. The InfraGard Member, whether speaking on its own behalf, on behalf of InfraGard, or otherwise, shall not make any statement intended to express, suggest or imply the views or opinions of the FBI, the United States or any agency thereof.

21. The InfraGard Member and the FBI Will Designate Representatives. Each party shall designate one individual as the InfraGard Representative for representing that party in regard to InfraGardrelated
matters, including attendance at InfraGard meetings. (This does not preclude a party from also designating additional individuals to participate in InfraGard activities as appropriate.) Each party shall
immediately notify the other upon its termination of any previous designation, and may change its InfraGard Representative (or other designated participants) by notifying the other party of such change. Any notice(s) required or permitted under this Agreement shall be made in writing, and shall be deemed to have been properly tendered upon delivery by hand or by registered mail to the designated InfraGard Representative of a party to the address for the receiving party set forth on page one of this Agreement.

22. This Agreement Cannot Be Assigned. This Agreement and any and all of the rights and obligations of the parties hereunder shall not be assigned, delegated, sold, transferred, licensed or otherwise disposed
of, by operation of law or otherwise, without the prior written consent of the other party.

Share this:

Facebooktwitterredditlinkedinmail