NCR-DCPSWG Terms Of Service

InfraGardNCR DCPSWG listserver/portal terms of use

Last updated: 1/30/2019

Effective date: 1/30/2019

The InfraGardNCR DCPSWG portal is a closed, vetted information-sharing platform created by the Executive Partnership for Integrated Collaboration (EPIC), a nonprofit 501(c)3 organization based in Charlotte, NC.  Admission to the group is supervised by the National Capital Region chapter of InfraGard (InfraGardNCR).  EPIC and InfraGardNCR are individually and collectively the NCR DCPHSWG Portal Parties.  The NCR DCPSWG Portal Parties have created and operate an Internet-based, closed, vetted, information sharing platform (the InfraGardNCR DCPSWG Portal), the purpose of which is to provide a collaboration platform for invited participants (Participants) to share information about cyber threats, vulnerabilities, and mitigation information (Information). Participants are selected by NCR DCPSWG Portal Parties at their sole and absolute discretion and are invited by NCR DCPSWG Portal Parties to review and contribute to the NCR DCPSWG Portal. Subject to the discretion of the NCR DCPSWG Portal Parties, Participants are generally full-time information security professionals who are members of the National Capital Region chapter of InfraGard and who have agreed to these Terms of Use and any other terms required from time to time by the NCR DCPSWG Portal Parties. Information shared by Participants via the NCR DCPSWG Portal may include real-time tactical information, threat actor information, suspicious Internet Protocol addresses, possible cyber intrusion attempts, or best practices to improve cybersecurity postures.

 

The following terms of use pertaining to Information shared on the NCR DCPSWG Portal:

For consistency and clarity, Participants are encouraged to utilize the TLP Protocol.

  1. Confidentiality. Unless otherwise expressly stated by the contributing Participant in writing, all Information posted to the NCR DCPSWG Portal is CONFIDENTIAL and should be treated as TLP RED. Information posted to the portal may be seen by law enforcement and may (with the consent of the contributor) become part of a new or ongoing investigation. This reinforces the need to maintain confidentiality of all information posted to the NCR DCPSWG Portal.
  2. Contribution. When contributing information to the NCR DCPSWG Portal, Participants are expected to do so in accordance with the NCR DCPSWG Portal’s purpose, as described above. No sensitive or proprietary information, including but not limited to personally identifiable information and specific customer information, should be posted to the NCR DCPSWG Portal.
  3. Solicitation. Soliciting (selling or offering to sell) to any member of the NCR DCPSWG Portal is strictly prohibited through or across the NCR DCPSWG Portal. Participants must not intentionally send advertising material to other Participants through the Portal nor outside the portal unless otherwise requested by a fellow Participant. This clause is critical to the integrity of the NCR DCPSWG Portal, and any violation will result in immediate removal of the Participant.
  4. Sharing limitations. Information about the individuals, including the identity of any Participant(s) participating on the NCR DCPSWG Portal, shall not be shared outside the NCR DCPSWG without the prior written consent of the affected Participant(s). In addition, sharing information through the NCR DCPSWG Portal that constitutes advertising, is pornographic, discriminatory, constitutes a deceptive or unfair trade practice, is otherwise illegal, or which is likely to cause harm to other Participants, their technical infrastructure, or their organizations or affiliates (including but not limited to malware and viruses) is prohibited. The NCR DCPSWG Portal Parties reserve the right to remove any content shared by any Participant at any time for any reason without notice.
  5. Membership. The NCR DCPSWG Portal is a closed group, and subscription to the NCR DCPSWG Portal is by invitation only. Membership queries may be sent directly to This email address is being protected from spambots. You need JavaScript enabled to view it.. By accepting an invitation to become a Participant, such participant agrees to these terms of use. The NCR DCPSWG Parties reserve the right to remove Participants from the NCR DCPSWG Portal for noncompliance with these terms of use. At the sole discretion of NCR DCPSWG Parties, without limiting the foregoing, NCR DCPSWG Parties may specifically remove Participants from the NCR DCPSWG Portal without notice for submitting information that constitutes advertising, is pornographic, discriminatory, constitutes a deceptive or unfair trade practice, is otherwise illegal or which is likely to cause harm to other Participants, their technical infrastructure, or their organizations or affiliates.
  6. Security. NCR DCPSWG Portal traffic is encrypted via SSL (Secure Socket Layer). However, SSL may not always be sufficient to secure Portal traffic. If you have sensitive information to share but don’t wish to share through the NCR IT Portal, please contact the listserv administrators at This email address is being protected from spambots. You need JavaScript enabled to view it. for instructions and options.
  7. YOU ACKNOWLEDGE AND AGREE THAT EACH OF THE NCR DCPSWG PARTIES PROVIDES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS, ON ITS OWN BEHALF AND ON BEHALF OF ITS AFFILIATES, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, SECURITY OR NON-INFRINGEMENT WITH RESPECT TO THE NCR DCPSWG PORTAL OR RELATED SERVICES (NCR DCPSWG SERVICES), WHICH INCLUDES THE NCR DCPSWG PORTAL’S MONTHLY WEBINARS. NCR DCPSWG PORTAL SERVICES, INCLUDING ANY AND ALL INFORMATION FURNISHED THEREWITH, ARE PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF PERFORMANCE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OMISSIONS, COMPLETENESS, CURRENTNESS, CONFIDENTIALITY, INTEGRITY OR AVAILABILITY.
  8. Sensitivity. To further the information-sharing function of the NCR DCPSWG Portal, Participants are encouraged to mark their contributed Information either with a notation included with the Information or with the appropriate sensitivity level or traffic light protocol level (TLP Protocol) as described below:

If a recipient needs to share the information more widely than indicated by the original TLP designation, they must obtain explicit permission from the original source.

TLP Definitions

Color

When should it be used?

How may it be shared?

TLP: RED Not for disclosure, restricted to participants only.

Sources may use TLP: RED when information cannot be effectively acted upon by additional parties and could lead to impacts on a party's privacy, reputation, or operations if misused.

Recipients may not share TLP: RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting or email exchange, for example, TLP: RED information is strictly limited to those present at the meeting or specifically included in the email exchange.

TLP: AMBER Limited disclosure, restricted to participants’ organizations.

Sources may use TLP: AMBER

when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.

Recipients may only share TLP: AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.

TLP: GREEN Limited disclosure, restricted to the community.

Sources may use TLP: GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.

Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community.

TLP: WHITE Disclosure is not limited.

Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.

Subject to standard copyright rules, TLP: WHITE information may be distributed without restriction (subject to copyright or trademark laws)

(source: adapted from https://www.us-cert.gov/tlp)

Usage

How to use TLP in email

TLP-designated email correspondence should indicate the TLP color of the information in the Subject line and in the body of the email, prior to the designated information itself. The TLP color must be in capital letters: TLP: RED, TLP: AMBER, TLP: GREEN, or TLP: WHITE.  As a reminder, unless otherwise noted, all communication across the NCR DCPSWG listserver is to be treated as TLP: RED.

  1. Amendments. All Participants shall be notified of any amendments or modifications to these terms of use by notification through the NCR DCPSWG Portal. If any Participant does not agree to the amendments or modifications, such participant shall notify the NCR DCPSWG Parties by email to This email address is being protected from spambots. You need JavaScript enabled to view it.. Upon receipt of such notification, the notifying participant will be removed from the NCR DCPSWG Portal, and his or her status as a Participant shall be removed. Continued use of the NCR DCPSWG Portal following notification of amendments or modifications to these terms of use without notification of objection shall be deemed agreement to abide by these terms of use as amended or modified.
  2. Governing law. The terms shall be governed by and construed enforced in accordance with the laws of the state of North Carolina without regard to any choice of law or conflicts of law rules or principles of the state of North Carolina or any other jurisdiction.
  3. Litigation. The state and federal courts located in Mecklenburg County, North Carolina shall be the exclusive forums for all litigation or other proceedings initiated by either Party under or in connection with these terms or the subject matter hereof. Each Party consents to the jurisdiction of such courts and agrees that venue in such courts shall be convenient and proper in connection with all such litigation and proceedings. Each Party agrees not to commence any such action or proceeding in any other forum. Each Party consents to service of process by U.S. mail in connection with any such litigation or proceedings.