United States [
Feedback
This VeriSign Managed PKI Private Label Agreement for Federal Departments and Agencies ("Agreement") is entered into between VeriSign, Inc. ("VeriSign"), and the entity listed at the bottom of this Agreement ("Customer").
Background
Customer wishes to issue, manage, suspend, revoke, and/or renew digital certificates ("Certificates") marked with its name based on applications submitted to, validated, and approved by Customer. Customer wishes to outsource to VeriSign the functions of issuing, managing, revoking, and/or renewing such Certificates. Customer wishes to retain for itself the functions of validating and approving applications for Certificates ("Certificate Applications"), and instructing revocation or renewal of Certificates.
1. Definitions. "Managed PKI Administrator" means a person appointed by Customer as administrator of the program described herein. "Managed PKI Administrator's Certificate" means a Certificate issued by VeriSign to the Managed PKI Administrator, which allows the Managed PKI Administrator to perform the functions described in Section 2. "Erroneous Issuance" means (a) issuance of a Certificate to a Person other than the one named as the subject of the Certificate or (b) issuance of a Certificate without the authorization of the person named as the subject of such Certificate. "Impersonation" means requesting and being issued a Certificate based on false or falsified information relating to naming or identity.
2. Customer's Duties.
2.1 Appointments. Customer shall appoint one or more authorized persons as Managed PKI Administrator(s). Upon approval of the Certificate Application(s) of the Managed PKI Administrator(s), VeriSign shall issue a Managed PKI Administrator Certificate to each such Managed PKI Administrator.
2.2 Managed PKI Administrator's Functions. Customer, through its Managed PKI Administrator(s), shall validate the information in Certificate Applications, approve or reject such Certificate Applications, use hardware and software designated by VeriSign, and instruct VeriSign to revoke Certificates. Upon Customer's approval of a Certificate Application, VeriSign (a) shall be entitled to rely upon the correctness of the information in each such approved Certificate Application, and (b) shall issue a Certificate to the Certificate Applicant submitting such Certificate Application. Customer shall transmit to VeriSign any requests it may have for revocation of Certificates issued by Customer. If a Managed PKI Administrator ceases to have the authority to act as Managed PKI Administrator on behalf of Customer, Customer shall promptly request revocation of the Managed PKI Administrator Certificate of such Managed PKI Administrator.
3. VeriSign's Duties. VeriSign shall issue, manage, suspend, revoke, and/or renew Certificates in accordance with the instructions provided by Customer's Managed PKI Administrator(s).
4. Service Fees. This Agreement shall be incorporated by reference, or VeriSign's services hereunder shall be referred to, in an external document ("External Document"), which shall either be a purchase order accompanying and/or attached to this Agreement or a contract document. Customer shall pay VeriSign the Service Fees set forth in the External Document.
5. Confidentiality.
5.1 Confidential Information. "Confidential Information" means any confidential or other proprietary information disclosed by one party to the other under this Agreement, except information that: (a) is public knowledge at the time of disclosure, (b) was known by the receiving party before disclosure by the disclosing party, or becomes public knowledge or otherwise known to the receiving party after such disclosure, other than by breach of a confidentiality obligation, or (c) is independently developed by the receiving party.
5.2 Protection of Confidential Information. The receiving party shall (a) not disclose the Confidential Information to any third party, except as required by a Congressional or Court issued subpoena or order, (b) not use the Confidential Information in any fashion except for purposes of performing this Agreement, (c) exercise reasonable care to prevent disclosure, and (d) notify the disclosing party of any unauthorized disclosure or use of the Confidential Information. In the event that the receiving party receives any subpoena or court order that potentially calls for the production of Confidential Information, the receiving party shall immediately notify the other party and provide a copy of such subpoena or order. Upon termination of this Agreement for any reason, each party shall immediately deliver to the other party all copies of the Confidential Information received from such other party. The following sentence reflects a customary commercial practice which does not apply if Customer is a Government agency: Each party acknowledges that breach of this Section 5 will cause irreparable harm to the disclosing party entitling the disclosing party to injunctive relief, among other remedies.
6. Intellectual Property Rights. Customer acknowledges that VeriSign, its vendors, and/or its licensors retain all intellectual property rights ("Intellectual Property Rights") in and to the ideas, concepts, techniques, inventions, processes, or works of authorship comprising, embodied in, or practiced in connection with the products or services provided by VeriSign hereunder, including without limitation the VeriSign-designated hardware and software supporting such services and the VeriSign web site interface designated for Customer's use (collectively, the "Service Components"). The Service Components do not include Customer's browser software or Customer's hardware platform.
7. Additional Obligations of Customer.
7.1 Proprietary Markings and Copyright Notices. Customer shall not remove or destroy any trademark or copyright notices on any VeriSign materials or documentation. Neither party shall acquire any rights of any kind in the other party's trademarks, service marks, trade names, or product names.
7.2 Customer's Warranties. Customer contractually warrants to VeriSign that: (a) Customer will exercise reasonable care to ensure that all information material to the issuance of a certificate and validated by Customer is true and correct in all material respects and (b) without limiting the generality of the foregoing, Customer's approval of Certificate Applications will not, to Customer's knowledge or due to Customer's failure to exercise reasonable care, result in an Erroneous Issuance, including but not limited to Erroneous Issuance resulting from Impersonation
8. VeriSign's Limited Warranties. VeriSign warrants to Customer that at the time it issues a Certificate hereunder: (a) VeriSign originated no material misrepresentations of fact in such Certificate and (b) VeriSign introduced no errors in the information in such Certificate as a result of a failure to exercise reasonable care in creating the Certificate. VeriSign also makes the "Year 2000 Compliance (May 1998)" statutory warranty to the extent required by statute.
9. Disclaimer of Warranties and Liability.
9.1 CUSTOMER'S LIABILITY RELATING TO VALIDATION. CUSTOMER SHALL, TO THE EXTENT PERMITTED BY LAW, BEAR EXCLUSIVE RESPONSIBILITY FOR THE VALIDATION OF ALL CERTIFICATE APPLICATIONS THAT IT APPROVES AND FOR THE CONDUCT OF CUSTOMER MANAGED PKI ADMINISTRATORS. VERISIGN DISCLAIMS ALL SUCH RESPONSIBILITY AND LIABILITY.
9.2 "AS IS". EXCEPT FOR THE LIMITED WARRANTIES CONTAINED IN SECTION 8, VERISIGN'S PRODUCTS AND SERVICES, INCLUDING BUT NOT LIMITED TO THE SERVICE COMPONENTS, (COLLECTIVELY, THE "PRODUCTS AND/OR SERVICES") ARE PROVIDED "AS IS" AND VERISIGN MAKES NO WARRANTIES WITH RESPECT TO USEFULNESS, FUNCTIONALITY, OPERABILITY. VERISIGN HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
9.3 LIMITATION OF LIABILITY. IN NO EVENT SHALL VERISIGN'S LIABILITY TO ANY AND ALL PERSONS FOR ANY AND ALL CLAIMS, LOSSES, OR DAMAGES RELATING TO, IN WHOLE OR IN PART, THIS AGREEMENT, THE PRODUCTS AND/OR SERVICES, OR OTHERWISE, WHETHER IN CONTRACT, TORT, OR OTHERWISE, EXCEED THE SERVICE FEES PAID BY CUSTOMER TO VERISIGN UNDER THIS AGREEMENT. UNDER NO CIRCUMSTANCES WHATSOEVER SHALL VERISIGN BE LIABLE FOR SPECIAL, INDIRECT, RELIANCE, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOST DATA, OR LOSS RESULTING FROM BUSINESS INTERRUPTION, EVEN IF VERISIGN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
9.4 No Third-Party Beneficiaries. The parties acknowledge that this Agreement is solely for their own benefit and that no third party shall have any rights or claims arising hereunder, nor is it intended that any third party shall be a third-party beneficiary of any provision hereof.
9.5 Deletion of FAR 52.212-4(o). In accordance with FAR 12.404(b)(2), the warranty provision set forth at FAR 52.212-4(o) is hereby deleted and replaced in its entirety by VeriSign's customary commercial warranty set forth in Section 8 and 9.2, above, as specifically modified for purposes of this Agreement. Section 9.5 shall take precedence over FAR 52.212-4(s) notwithstanding the Order of Precedence provision set forth in such clause.
10. Term and Termination. The term of this Agreement is one (1) year starting on the Effective Date marked below. This Agreement may be terminated (a) by either party immediately upon the institution by or against the other party of insolvency, receivership, or bankruptcy proceedings, upon any assignment for the benefit of the other party's creditors, or upon the other party's dissolution or ceasing to do business; (b) by VeriSign immediately and without prior notice in the event of a breach of any of the duties, obligations, terms, or provisions of this Agreement (a "Breach") by Customer if the Breach may compromise the security of VeriSign's systems; or (c) in the event of any other Breach by a party, upon thirty (30) days written notice by the non-breaching party and the breaching party's failure to cure such Breach within the thirty (30) day notice period. The provisions of Sections 4, 5, 6, 7.2, 8, 9, 10, 11, 12, and 13, shall survive termination. Should this Agreement be terminated before the completion of a term for which VeriSign has received payment for reasons other than Customer's breach of any term or condition of this Agreement, VeriSign shall, upon written request by the subscriber received within 30 days of such termination, refund an appropriate amount of any payment made by such subscriber for the Certificate issued to the subscriber.
11. Notices. Whenever a party desires or is required to give any notice, demand, or request with respect to this Agreement, such communication shall be made either using digitally signed messages (verifiable by a VeriSign Class 2 or higher Certificate), or in writing. Electronic communications shall be effective upon the sender's receiving a valid, digitally signed acknowledgment of receipt (verifiable by a VeriSign Class 2 or higher Certificate) from the recipient. Such acknowledgment must be received within three (3) business days, or else written notice must then be communicated. Communications in writing must be delivered by a courier service that confirms delivery in writing or via certified or registered mail, postage prepaid, return receipt requested, addressed to the representative of Customer at the address below or to VeriSign at: Managed PKI Support, VeriSign, Inc., 1350 Charleston Rd., Mountain View, CA 94043, e-mail:
enterprise-pkisupport@verisign.com, voice: +1-650-961-8820, fax: +1-650-961-8870. Customer shall immediately advise VeriSign of any legal notice served on Customer that might affect VeriSign.
12. Independent Relationship. Customer, the Managed PKI Administrator(s), and Customer's employees, consultants, contractors, and agents are not agents, employees, joint ventures, or joint venturers of VeriSign, and they have no authority to bind VeriSign by contract or otherwise to any obligation.
13. Miscellaneous.
13.1 Entire Agreement; Amendment; Assignment.
This Agreement, the External Document, and the Federal Acquisition Regulation clauses appended to and/or cited herein as being applicable to this Agreement constitute the entire agreement between the parties and supersede all prior and contemporaneous written or oral agreements between the parties with respect to the subject matter of this Agreement; and (subject to Section 9.5) the parties agree that the Order of Precedence provision included in the Federal Acquisition Regulation clauses appended hereto shall control. No amendment or waiver of any provision of this Agreement shall be effective unless it is in a physical writing signed, or e-mail message digitally signed (verifiable by a VeriSign Class 2 or higher Certificate), by each party's authorized representative. This Agreement shall be binding upon and inure to the benefit of Customer, VeriSign, and their respective successors and assigns, provided that Customer shall not assign, sublicense, encumber, or otherwise transfer this Agreement or any right or obligation hereunder without VeriSign's prior written consent. Any such consent by VeriSign shall be in the form of a communication made pursuant to Section 11.
13.2 Severability; Enforcement. The unenforceability of any provision or provisions of this Agreement shall not impair the enforceability of any other part of this Agreement. If any provision of this Agreement shall be deemed invalid or unenforceable, in whole or in part, this Agreement shall be deemed amended to delete or modify, as necessary, the invalid or unenforceable provision to render it valid, enforceable, and, insofar as possible, consistent with the original intent of the parties. The remedies under this Agreement shall be cumulative and not alternative and the election of one remedy for a breach shall not preclude pursuit of other remedies. The failure of a party, at any time or from time to time, to require performance of any obligations of the other party hereunder shall not affect its right to enforce any provision of this Agreement at a subsequent time.
13.3 Governing Law. This Agreement, and all disputes arising out of or related to this Agreement, shall be governed by the Contract Disputes Act of 1978, as amended (codified at 41 U.S.C. § 601 et seq.)
13.4 Authorization. Customer warrants and represents that the representative executing this Agreement on its behalf has been duly authorized to do so by Customer.
Although the VeriSign Managed PKI Private Label Agreement for Federal Departments and Agencies is similar to the VeriSign Managed PKI Private Label Agreement (for Commercial Companies), this Agreement includes certain provisions that do not reflect customary commercial practice.
|
ACCEPTED AND AGREED TO: LRA:____________________________ (Name of department or agency)
Address: ________________________ ________________________________ ________________________________ By:_____________________________ (Signature)
Name:__________________________ Title: ___________________________ E-Mail: _________________________ Voice:__________________________ Fax: ___________________________ Effective Date: __________________ |
MANAGED PKI ADMINISTRATORS APPOINTED BY CUSTOMER: 1. First Managed PKI Administrator (required) Name:____________________________ Title: _____________________________ E-Mail: ___________________________ Voice: ____________________________ Fax:______________________________ 2. Second Managed PKI Administrator (optional) Name:____________________________ Title: _____________________________ E-Mail: ___________________________ Voice:____________________________ Fax: _____________________________ |
FAR CLAUSES INCORPORATED BY REFERENCE
52.212-3
52.212-4 (as tailored)
52.212-5
Version Date: October 5, 1998