TERMS AND CONDITIONS FOR ELECTIONS INFRASTRUCTURE ISAC (EI-ISAC) MEMBERSHIP 

The following terms and conditions set forth the terms for membership in the EI-ISAC.  As a participating member of the EI-ISAC (“Member” or “you”), you agree that you will share information through the EI-ISAC in accordance with the terms set forth below. If your organization does not qualify as an EI-ISAC member or cannot agree to the terms as set forth herein, please contact CIS for further discussion.

  1. Definitions

Data: the information shared by either EI-ISAC or any Member in accordance with these membership terms and conditions.

EI-ISAC:  The Elections Infrastructure Information Sharing & Analysis Center, a program within the Center for Internet Security, Inc., operated to support information sharing among U.S. state, local and territorial governmental elections entities.

Member:  A qualifying organization under the EI-ISAC that has agreed to these terms and conditions.  For purpose of these terms and conditions, Member shall also include all employees of the Member.

  1. EI-ISAC Purpose. The EI-ISAC has been established to facilitate the sharing of cyber and/or critical election infrastructure Data among EI-ISAC Members, and others as appropriate, in order to facilitate communication regarding cyber and/or election infrastructure readiness and response efforts. These efforts include, but are not limited to, disseminating early warnings of physical and cyber system threats, sharing security incident information between state, territorial, and local entities, providing trends and other analysis for security planning, and distributing current proven security practices and suggestions.
  2. EI-ISAC Membership.  Membership in the EI-ISAC is limited to those U.S. state, local and territorial governmental entities, and their employees, who are responsible for elections infrastructure within their respective governmental jurisdiction.
  3. Operation of the EI-ISAC.  The EI-ISAC will be operated and supported by the Center for Internet Security, Inc., a not for profit corporation focused on enhancing the cyber security readiness and response of public and private sector entities, with a particular focus on state, local, tribal and territorial governments and critical infrastructure.  EI-ISAC may also retain contractors from time to time to provide services to the EI-ISAC and its Members.
  4. Data Protection. EI-ISAC and Member both acknowledge that the protection of shared Data is essential to the security of both Member and the mission of the EI-ISAC.  The intent of the Data protection terms are to: (a) enable Member to make disclosures of Data to EI-ISAC while still maintaining rights in, and control over, the Data; and (b) set common information sharing protocol that will determine the extent to which Data can be shared with others. Nothing in these terms and conditions grants EI-ISAC or Member an express or implied license or an option on a license, or any other rights to, or interests in, the Data.
  5. Data Sharing Protocol.  All Data provided by any EI-ISAC Member or the EI-ISAC shall include an information sharing designation in accordance with the US CERT Traffic Light Protocol (TLP), as set forth at https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage.  In the event that Data is shared by the Member or EI-ISAC and such Data does not include a TLP designation, it shall be considered as having been designated TLP Red unless and until subsequently, the entity sharing the Data changes the designation.

Notwithstanding the foregoing, unless a Member designates in writing that the Data in question cannot be shared or that such sharing is subject to stated restrictions, all Data provided by Members may be shared with EI-ISAC’s federal partners (including, without limitation, the U.S. Department of Homeland Security), and may be shared with other EI-ISAC members provided that the Data is anonymized and not attributable to Member.

  1. Other Data Designation. EI-ISAC and Member acknowledge that certain Data may also be designated with a notice of patent, copyright, trade secret or other proprietary right and EI-ISAC and Member each agree not to remove, alter or obscure any such designation without the prior written authorization of party sharing the Data.
  2. Data Retraction.  If a Member retracts any Data it sent to the EI-ISAC, then, upon notification by the Member, the EI-ISAC will delete such Data and all copies thereof, and as applicable, notify other EI-ISAC Members and its federal partners to delete the Data.  Upon receiving such notification, EI-ISAC Members will delete such information and all copies thereof. If an EI-ISAC Member is unable to delete the Data based on applicable law, then that Member will continue to maintain the confidentiality of the Data consistent with the TLP designation assigned to the Data. 
  3. Demand for Data. If any third party makes a demand for any Data, the EI-ISAC or any other Member receiving such a demand shall immediately forward such request to the Member who shared the Data and consult and cooperate with that Member and will make reasonable efforts, consistent with applicable law and the applicable TLP designation, to protect the confidentiality of the Data.  The Member sharing the Data will, as needed, have the opportunity to seek judicial or other appropriate avenues of redress to prevent any release. 
  4. Reports Containing Data. As part of its elections information sharing efforts, the EI-ISAC may prepare written reports that include or are based on TLP Red Data shared by Member.  For such reports, the TLP Red Data will be anonymized and Member shall be provided a period of time to review such reports, papers, or other writings and has the right to review to correct factual inaccuracies and make recommendations and comments to the content of the report. The EI-ISAC and Members agree to work together in good faith to reach mutually agreed upon language for the report.  If the parties are unable to reach agreement on an issue, the Member has the right to edit out its Data.
  5. Term and Termination of Membership. Member’s obligations under these terms shall continue so long as remains a member of the EI-ISAC, except that the obligations of confidentiality of Data as provided herein shall survive the expiration of Member’s membership. Member may terminate its EI-ISAC membership at any time upon written notice to the EI-ISAC.
  6. Severability. Should any court of competent jurisdiction consider any provision of these terms and conditions to be invalid, illegal, or unenforceable, such provisions shall be considered severed from these terms and conditions.  All other provisions, rights, and obligations shall continue without regard to the severed provision(s).
  7. Entire Understanding. These terms and conditions contain the entire understanding between EI-ISAC and Member with respect to the proprietary information described herein and supersedes all prior understandings whether written or oral.

 

Revised 12/12/2023