VULNERABILITY MANAGEMENT ADDENDUM


Effective as of January 1, 2024 (Version Number: 45292)


All terms not defined herein shall have the meaning ascribed to them in the DAS Standard Incorporated Terms and Conditions.

Vulnerability Management – If the executed COF or Cybersecurity Bundled Package includes “Vulnerability and Compliance Management” in any form, the following additional terms and conditions apply:

  1. The Client authorizes DAS to deploy software agents to their laptops, workstations, and servers in order to collect the necessary information to conduct periodic assessments.  
  2. Client authorizes DAS to conduct vulnerability scanning internally and externally using standard vulnerability scanning tools to assist with identifying and detecting changes to the environment that may introduce risk. 
  3. Subject to the terms contained herein, DAS will use reasonable commercial efforts to provide:
    1. Appliance that is installed onsite (if separate UFC is paid)
    2. Monthly Vulnerability and Compliance Management Scan completed using automated tools
    3. Monthly Risk Ranked Vulnerability Report is sent to the business delegate
    4. Annual Review of the Risk Ranked Vulnerability Report (Up to 1 hour)
    5. Service is to be considered on-going unless included in a bundled service that is specified as one-time.
  4. Subject to the terms contained herein, if Penetration Test is listed on the COF, DAS will use reasonable commercial efforts to additionally conduct an annual penetration test.
  5. It is the Client’s sole responsibility to ensure that Client is in compliance with applicable local, state, and federal laws and regulations. Vulnerability Management Products do not take the place of Client’s diligence and responsibility for compliance and are only a tool to provide assistance in such compliance. DAS shall have no liability to Client for any loss occasioned by Client’s conduct or the conduct of Client’s officers, agents, contractors or employees. In no event shall DAS be liable to Client for direct, indirect, incidental or consequential damages, it being understood and agreed that Client hereby expressly waives any and all claims against DAS for any loss, cost, damages or liability that may be incurred by Client as a result of DAS’ acts or failures to act hereunder.