Resources
PKI Disclosure
Licenses & Approvals
E-Sign
Publications
Home > Repository

VeriSign Managed PKI Public Agreement for Federal Departments and Agencies1

This VeriSign Managed PKI Public Agreement for Federal Departments and Agencies ("Agreement") is entered into between VeriSign, Inc. ("VeriSign"), and the entity listed at the bottom of this Agreement (" Managed PKI Lite Customer " or "Customer"), This agreement is conditioned upon the understanding that VeriSign will perform all roles defined as the Certification Authority (CA). If these roles should change, the parties agree to modify the terms of the agreement.

Background
A Managed PKI Lite Customer within the VeriSign Trust Network ("VTN") assists other persons or entities in applying for digital certificates, approving certificate applications, and (where necessary) revoking their certificates. VeriSign will issue, manage, suspend, revoke, and/or renew certificates in accordance with Customer's instructions and VeriSign's Certification Practice Statement ("CPS") then currently in effect, published at http://www.verisign.com/repository/CPS.

1. Definitions. Unless otherwise noted herein, defined (capitalized) terms in this Agreement shall have the meanings given to them in the then current CPS. "Administrator Certificate" means a Class 3 certificate issued to an organization or individual as requested by a Managed PKI Administrator as described in CPS Section 3.1. "Managed PKI Customer Requirements" means the summary of CPS control and security requirements applicable to Registration Authorities, which is attached to the Managed PKI Administrator's Handbook. "Erroneous Issuance" means (a) issuance of a Certificate in a manner not materially in accordance with the procedures required by the CPS, the Managed PKI Administrator's Handbook published at http://www.verisign.com/onsite, or the Managed PKI Customer Requirements; (b) issuance of a Certificate (other than a Class 1 Certificate) to a Person other than the one named as the Subject of the Certificate; or (c) issuance of a Certificate (other than a Class 1 Certificate) without the authorization of the Person named as the Subject of such Certificate. "Impersonation" means requesting and being issued a Certificate based on false or falsified information relating to naming or identity.

2. CPS, Managed PKI Administrator's Handbook, and Managed PKI Customer Requirements. The CPS, the Managed PKI Administrator's Handbook, and the Managed PKI Customer Requirements, as periodically amended, are incorporated herein by reference. VeriSign shall notify Customer of any amendments by electronic mail or such other manner as VeriSign may specify from time to time, but shall have no obligation to confirm receipt of any such notice.

3. Customer's Duties as Registration Authority.

3.1 Appointments. VeriSign appoints Customer as a Registration Authority pursuant to the CPS. Customer shall appoint one or more authorized Customer employees or individual contractors as Managed PKI or Customer Administrator(s) ("Administrator"), subject to the provisions set forth in Section 3.2 below. Specifically, Customer hereby appoints the Person(s) listed below as Administrator(s). Such Administrator(s) shall be entitled to appoint additional Administrators on Customer's behalf. Upon approval of the Certificate Application(s) of the Administrator(s), VeriSign shall issue an Administrator Certificate to each such Administrator.

3.2 Registration Authority Requirements. Customer shall comply, and shall cause its Administrators to comply, with Registration Authority requirements stated in the CPS, the Managed PKI Administrator's Handbook, and the Managed PKI Customer Requirements as periodically amended, including without limitation requirements for validating the information in Certificate Applications, approving or rejecting such Certificate Applications, using hardware and software designated by VeriSign, and revoking Certificates. Upon Customer's approval of a Certificate Application, VeriSign (a) shall be entitled to rely upon the correctness of the information in each such approved Certificate Application, and (b) shall issue a Certificate to the Certificate Applicant submitting such Certificate Application. Customer shall approve a Certificate Application only if the Certificate Applicant is an Affiliated Individual or Affiliated Entity. If a Subscriber that has been issued a Certificate by Customer ceases to be affiliated with Customer as an Affiliated Individual or Affiliated Entity, Customer shall promptly request revocation of such Subscriber's Certificate. If an Administrator ceases to have the authority to act as Administrator on behalf of Customer, Customer shall promptly request revocation of the Administrator Certificate of such Administrator. Customer shall access VeriSign's web site at least once per month, either to request revocation of Certificates or to confirm to VeriSign that no revocation requests have been submitted to VeriSign in such month.

3.3 Manner of Performance. Customer shall perform the tasks in this Section 3 in a competent, professional, and workmanlike manner. Individuals appointed as an Administrator shall be a trustworthy employee (or an otherwise authorized agent) of the organization or agency for whom the certificates are issued; and deemed appropriate to perform sensitive organization/agency functions similar to: security administration, human resource or personnel management, or network administration. There are no unique education, training, certification, or accreditation requirements imposed prior to becoming an Administrator; however, basic familiarity with personal computers and Web browsers is recommended.

3.4 Customer Employee Subscribers. Customer shall cause Subscribers receiving Certificates hereunder to abide by the terms of the Subscriber Agreement attached to the Managed PKI Customer Requirements.

4. Service Fees. This Agreement shall be incorporated by reference, or VeriSign's services hereunder shall be referred to, in an external document ("External Document"), which shall either be a purchase order accompanying and/or attached to this Agreement or a contract document. Customer or its designated agent shall pay VeriSign the Service Fees set forth in the External Document.

5. Confidentiality.

5.1 Confidential Information. "Confidential Information" means any confidential or other proprietary information disclosed by one party to the other under this Agreement, except information that: (a) is public knowledge at the time of disclosure, (b) was known by the receiving party before disclosure by the disclosing party, or becomes public knowledge or otherwise known to the receiving party after such disclosure, other than by breach of a confidentiality obligation, or (c) is independently developed by the receiving party.

5.2 Protection of Confidential Information. The receiving party shall (a) not disclose the Confidential Information to any third party, except as required by a Congressional or Court issued subpoena or order, (b) not use the Confidential Information in any fashion except for purposes of performing this Agreement, (c) exercise reasonable care to prevent disclosure, and (d) notify the disclosing party of any unauthorized disclosure or use of the Confidential Information. In the event that the receiving party receives any subpoena or court order that potentially calls for the production of Confidential Information, the receiving party shall immediately notify the other party and provide a copy of such subpoena or order. Upon termination of this Agreement for any reason, each party shall immediately deliver to the other party all copies of the Confidential Information received from such other party. The following sentence reflects a customary commercial practice which does not apply if Customer is a Government agency: Each party acknowledges that breach of this Section 5 will cause irreparable harm to the disclosing party entitling the disclosing party to injunctive relief, among other remedies.

6. Intellectual Property Rights. Customer acknowledges that VeriSign, its vendors, and/or its licensors retain all intellectual property rights ("Intellectual Property Rights") in and to the ideas, concepts, techniques, inventions, processes, or works of authorship comprising, embodied in, or practiced in connection with the products or services provided by VeriSign hereunder, including without limitation the VeriSign-designated hardware and software supporting such services and the VeriSign web site interface designated for Customer's use (collectively, the "Service Components"). The Service Components do not include Customer's browser software or Customer's base hardware platform.

7. Additional Obligations of Customer.

7.1 Proprietary Markings and Copyright Notices. Customer shall not remove or destroy any trademark or copyright notices on any VeriSign materials or documentation. Neither party shall acquire any rights of any kind in the other party's trademarks, service marks, trade names, or product names.

7.2 Customer's Warranties. Customer contractually warrants to VeriSign that: (a) Customer will exercise reasonable care to ensure that all information material to the issuance of a certificate and validated by Customer is true and correct in all material respects; (b) without limiting the generality of the foregoing, Customer's approval of Certificate Applications will not, to Customer's knowledge or due to Customer's failure to exercise reasonable care, result in an Erroneous Issuance, including but not limited to Erroneous Issuance resulting from Impersonation; and (c) Customer has substantially complied with the CPS, the Managed PKI Administrator's Handbook, and the Managed PKI Customer Requirements.

8. VeriSign's Limited Warranties. VeriSign warrants to Customer that at the time it issues a Certificate hereunder: (a) VeriSign originated no material misrepresentations of fact in such Certificate, (b) VeriSign introduced no errors in the information in such Certificate as a result of a failure to exercise reasonable care in creating the Certificate, (c) such Certificate meets all material requirements of the CPS, and (d) VeriSign has substantially complied with the CPS when issuing such Certificate. VeriSign also makes the "Year 2000 Compliance (May 1998)" statutory warranty to the extent required by statute.

9. Disclaimer of Warranties, Liability, and Indemnification.

9.1 GOVERNMENT CUSTOMER'S LIIABILITY RELATING TO VALIDATION; GOVERNMENT SUBSCRIBER'S LIABILITY RELATING TO CERTIFICATE APPLICATION AND REPRESENTATIONS. CUSTOMER SHALL, TO THE EXTENT PERMITTED BY LAW, BEAR EXCLUSIVE RESPONSIBILITY FOR THE VALIDATION OF ALL CERTIFICATE APPLICATIONS THAT IT APPROVES AND FOR THE CONDUCT OF ADMINISTRATORs. IN ADDITION, EACH GOVERNMENT CERTIFICATE APPLICANT AND GOVERNMENT SUBSCRIBER SHALL, TO THE EXTENT PERMITTED BY LAW, BEAR EXCLUSIVE RESPONSIBILITY FOR THE INFORMATION AND REPRESENTATIONS MADE BY SUBSCRIBER ON ANY CERTIFICATE APPLICATION. VERISIGN DISCLAIMS ALL SUCH RESPONSIBILITY AND LIABILITY.

9.2 "AS IS". EXCEPT FOR THE LIMITED WARRANTIES CONTAINED IN SECTION 8 AND THE CPS, VERISIGN'S PRODUCTS AND SERVICES, INCLUDING BUT NOT LIMITED TO THE SERVICE COMPONENTS, (COLLECTIVELY, THE "PRODUCTS AND/OR SERVICES") ARE PROVIDED "AS IS" AND VERISIGN MAKES NO WARRANTIES WITH RESPECT TO USEFULNESS, FUNCTIONALITY, OR OPERABILITY. VERISIGN HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

9.3 LIMITATION OF LIABILITY. IN NO EVENT SHALL VERISIGN'S LIABILITY TO ANY AND ALL PERSONS FOR ANY AND ALL CLAIMS, LOSSES, OR DAMAGES RELATING TO, IN WHOLE OR IN PART, THIS AGREEMENT, THE PRODUCTS AND/OR SERVICES, OR OTHERWISE, WHETHER IN CONTRACT, TORT, OR OTHERWISE, EXCEED THE SERVICE FEES PAID BY CUSTOMER TO VERISIGN UNDER THIS AGREEMENT. UNDER NO CIRCUMSTANCES WHATSOEVER SHALL VERISIGN BE LIABLE FOR SPECIAL, INDIRECT, RELIANCE, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOST DATA, OR LOSS RESULTING FROM BUSINESS INTERRUPTION, EVEN IF VERISIGN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9.4 No Third-Party Beneficiaries. The parties acknowledge that this Agreement is solely for their own benefit and that no third party shall have any rights or claims arising hereunder, nor is it intended that any third party shall be a third-party beneficiary of any provision hereof.

9.5 Deletion of FAR 52.212-4(o). In accordance with FAR 12.404(b)(2), the warranty provision set forth at FAR 52.212-4(o) is hereby deleted and replaced in its entirety by VeriSign's customary commercial warranty set forth in Sections 8 and 9.2, above, as specifically modified for purposes of this Agreement. Section 9.5 shall take precedence over FAR 52.212-4(s) notwithstanding the Order of Precedence provision set forth in such clause.

9.6 Indemnification. For purposes of this Managed PKI Public Agreement, CPS Paragraph 2.3.1, entitled "Indemnity by Subscriber and Relying Parties," does not apply to Government subscribers.

10. Term and Termination. The term of this Agreement is one (1) year starting on the Effective Date marked below. This Agreement may be terminated (a) by either party immediately upon the institution by or against the other party of insolvency, receivership, or bankruptcy proceedings, upon any assignment for the benefit of the other party's creditors, or upon the other party's dissolution or ceasing to do business; (b) by VeriSign immediately and without prior notice in the event of a breach of any of the duties, obligations, terms, or provisions of this Agreement (a "Breach") by Customer if the Breach may compromise the security of VeriSign's Public Certification Services or other system; or (c) in the event of any other Breach by a party, upon thirty (30) days written notice by the non-breaching party and the breaching party's failure to cure such Breach within the thirty (30) day notice period. This Agreement may be terminated by Customer if VeriSign amends its CPS, the Managed PKI Administrator's Handbook, or the Managed PKI Customer Requirements, and if the Customer believes in good faith that such amendment materially deprives it of the benefit of this Agreement. The provisions of Sections 4, 5, 6, 7.2, 8, 9, 10, 11, 12, and 13 shall survive termination. Should this Agreement be terminated before the completion of a term for which VeriSign has received payment for reasons other than Customer's breach of any term or condition of this Agreement, VeriSign shall, upon written request by the subscriber received within 30 days of such termination, refund an appropriate amount of any payment made by such subscriber for the Certificate issued to the subscriber.

11. Notices. Whenever a party desires or is required to give any notice, demand, or request with respect to this Agreement, such communication shall be made either using digitally signed messages consistent with the requirements of the CPS (verifiable by a VeriSign Class 2 or higher Certificate), or in writing. Electronic communications shall be effective upon the sender's receiving a valid, digitally signed acknowledgment of receipt (verifiable by a VeriSign Class 2 or higher Certificate) from the recipient. Such acknowledgment must be received within three (3) business days, or else written notice must then be communicated. Communications in writing must be delivered by a courier service that confirms delivery in writing or via certified or registered mail, postage prepaid, return receipt requested, addressed to the representative of Customer at the address below or to VeriSign at: Managed PKI Support, VeriSign, Inc., 1390 Shorebird Way, Mountain View, CA 94043, e-mail:
enterprise-pkisupport@verisign.com, voice: +1-650-961-8820, fax: +1-650-961-8870. Customer shall immediately advise VeriSign of any legal notice served on Customer that might affect VeriSign.

12. Independent Relationship. Customer, the Administrator(s), and Customer's employees, consultants, contractors, and agents are not agents, employees, joint ventures, or joint venturers of VeriSign, and they have no authority to bind VeriSign by contract or otherwise to any obligation.

13. Miscellaneous.

13.1 Entire Agreement; Amendment; Assignment. This Agreement, the CPS, the Managed PKI Administrator's Handbook, the Managed PKI Customer Requirements, the External Document, and the Federal Acquisition Regulation clauses appended to and/or cited herein as being applicable to this Agreement, constitute the entire agreement between the parties and supersede all prior and contemporaneous written or oral agreements between the parties with respect to the subject matter of this Agreement; and (subject to Section 9.5) the parties agree that the Order of Precedence provision included in the Federal Acquisition Regulation clauses appended hereto shall control. This Agreement constitutes the "schedule of supplies/services" as referenced in the Order of Precedence provision. This Agreement's order of precedence provision shall take precedence with respect to any conflicting precedence provision, including the CPS. No amendment or waiver of any provision of this Agreement shall be effective unless it is in a physical writing signed, or e-mail message digitally signed (verifiable by a VeriSign Class 2 or higher Certificate), by each party's authorized representative. Notwithstanding the "Changes" clause set forth in FAR 52.212-4(c) which is incorporated by reference herein (see below), the parties intend that the Government receive the benefit of technological advancements and other benefits that VeriSign may make available from time-to-time; accordingly, the parties hereto agree that VeriSign may unilaterally amend the CPS with such advancements/benefits so long as any such amendment does not impose more onerous terms upon the Government; however, any amendment which imposes more onerous terms upon the Government may be entered into only upon written agreement of both parties. This Agreement shall be binding upon and inure to the benefit of Customer, VeriSign, and their respective successors and assigns, provided that Customer shall not assign, sublicense, encumber, or otherwise transfer this Agreement or any right or obligation hereunder without VeriSign's prior consent. Any such consent by VeriSign shall be in the form of a communication made pursuant to Section 11.

13.2 Severability; Enforcement. The unenforceability of any provision or provisions of this Agreement shall not impair the enforceability of any other part of this Agreement. If any provision of this Agreement shall be deemed invalid or unenforceable, in whole or in part, this Agreement shall be deemed amended to delete or modify, as necessary, the invalid or unenforceable provision to render it valid, enforceable, and, insofar as possible, consistent with the original intent of the parties. The remedies under this Agreement shall be cumulative and not alternative, and the election of one remedy for a breach shall not preclude pursuit of other remedies. The failure of a party, at any time or from time to time, to require performance of any obligations of the other party hereunder shall not affect its right to enforce any provision of this Agreement at a subsequent time.

13.3 Governing Law. This Agreement, and all disputes arising out of or related to this Agreement, shall be governed by the Contract Disputes Act of 1978, as amended (codified at 41 U.S.C. § 601 et seq.).

13.4 Approval; Authorization. This Agreement shall not be effective until VeriSign approves Customer's Registration Authority application. Customer warrants and represents that the representative executing this Agreement on its behalf has been duly authorized to do so by Customer.

1  Although the VeriSign Managed PKI Public Agreement for Federal Departments and Agencies is similar to the VeriSign Managed PKI Agreement (for Commercial Companies), this Agreement includes certain provisions that do not reflect customary commercial practice.

ACCEPTED AND AGREED TO:

Customer: ____________________
(Name of department or agency)

Address: _____________________
_____________________________
_____________________________

By:__________________________
(Signature)

Name:_______________________
Title: ________________________
E-Mail: ______________________
Voice:_______________________
Fax: ________________________

Effective Date: _____________ 		  ADMINISTRATOR'S APPOINTED
BY CUSTOMER:

1. First Administrator (required)
Name:_________________________
Title: __________________________
E-Mail: ________________________
Voice: _________________________
Fax:___________________________

2. Second Administrator (optional)
Name:_________________________
Title: __________________________
E-Mail: ________________________
Voice:_________________________
Fax: __________________________

Version Date: November 5, 2001 NRC