Contract Documents

Master Agreements, Terms & Conditions

• (PDF) Trustwave Master Terms and Conditions
• (PDF) Data Processing Agreement
• (PDF) Trustwave End User License Agreement (EULA)
• (PDF) Dependencies and Assumptions & Managed Security Client Obligations

Managed Detection and Response

• (PDF) Co-Managed SOC
• (PDF) Managed Detection and Response Essentials (MDR Essentials)
• (PDF) Managed Detection and Response Advanced (MDR-Advanced)
• (PDF) Threat Monitoring
• (PDF) Managed Intrusion Detection Security (IDS)
• (PDF) Security and Compliance Monitoring
• (PDF) Proactive Threat Hunting
• (PDF) Information Security Advisor (ISA)
• (PDF) Client Success Manager (CSM)
• (PDF) Service Delivery Manager (SDM)

Managed Security Compliance (MSC)

• (PDF) Managed Security and Compliance (MSC)

Security Technology Management

The following addenda to the main "Security Technology Management" service description should also apply for any relevant supported solutions purchased by Client.

• (PDF) Security Technology Management
• (PDF) Managed Application Control (MAC)

Database Security

• (PDF) DbProtect
• (PDF) Managed Database Security Service

Secure Email Gateway

• (PDF) Trustwave WebMarshal
• (PDF) Trustwave MailMarshal

Security Testing

Penetration Testing

• (PDF) Managed Security Testing

Managed Vulnerability Scanning

• (PDF) Managed Vulnerability Scanning

Vulnerability Scanning

• (PDF) Vulnerability Scanning

Spider Labs Incident Response & Forensics (DFIR)

• (PDF) Incident Response Training and Exercises
• (PDF) Incident Response Retainer
• (PDF) Incident Response Readiness Assessment and Planning
• (PDF) eDiscovery Consulting
• (PDF) Breach Response Consulting

Security Awareness Training

Security Awareness Education (SAE)

• (PDF) SAE Trustwave Hosted
• (PDF) SAE Client Hosted
• (PDF) SAE Content Updates

Secure Development Training (SDT)

• (PDF) SDT Trustwave Hosted
• (PDF) SDT Client Hosted

Consulting and Professional Services

• (PDF) MODSecurity Commercial Rule Set
• (PDF) Cyber Advisory Diagnostic Services
• (PDF) Managed Vendor Risk Assessment (MVRA) Services

Compliance

• (PDF) Data Loss Prevention – Discover
• (PDF) Endpoint Protection Suite
• (PDF) Extended Validation (EV) SSL Certificate
• (PDF) Managed Network Access Control (NAC)

Global Compliance Risk Services (GCRS)

Payment Card Industry Data Security Standards (PCI DSS) Services

• (PDF) PCI DSS Compliance Validation Service (Spanish) (Portuguese)
• (PDF) PCI DSS Gap Assessment (Spanish) (Portuguese)
• (PDF) PCI DSS General Consulting
• (PDF) PCI DSS Policy and Procedures Service
• (PDF) PCI DSS Policy Template (Spanish) (Portuguese)
• (PDF) PCI DSS Readiness Subject Matter Expert Consulting
• (PDF) PCI DSS Readiness Workshop
• (PDF) PCI DSS Remediation Service (Spanish) (Portuguese)
• (PDF) PCI DSS Self-Assessment Consulting (Spanish) (Portuguese)
• (PDF) PCI DSS Self-Assessment Validation

Payment Application Data Security Standards (PA-DSS) Services

• (PDF) PA-DSS Application Security Review
• (PDF) PA-DSS Compliance Validation Service (Spanish) (Portuguese)
• (PDF) PA-DSS Final Application Review
• (PDF) PA-DSS General Consulting
• (PDF) PA-DSS High-Impact Change Assessment
• (PDF) PA-DSS Low-Impact Change Assessment
• (PDF) PA-DSS Maintenance Program
• (PDF) PA-DSS No-Impact Change Assessment
• (PDF) PA-DSS Training
• (PDF) SSF Consulting
• (PDF) SSF Gap Assessment
• (PDF) SSF Pre-Assessment Workshop
• (PDF) SSF Secure SLC Compliance Validation Service
• (PDF) SSF Secure Software Compliance Validation Service

Point-to-Point Encryption (P2PE) Services

• (PDF) Non-listed Encryption Implementation Review
• (PDF) Non-listed Encryption Solution Assessment
• (PDF) P2PE Application Assessment
• (PDF) P2PE Application Delta Change Assessment
• (PDF) P2PE Application No-Impact Change Assessment
• (PDF) P2PE Component Assessment
• (PDF) P2PE Gap Assessment
• (PDF) P2PE General Consulting
• (PDF) P2PE Pre-Assessment Workshop
• (PDF) P2PE Solution Assessment
• (PDF) P2PE Solution Designated Change Assessment

Other PCI and Payment Services

• (PDF) Payment Services Directive Gap Assessment
• (PDF) PCI Card Production Compliance Validation Service
• (PDF) PCI Card Production Gap Assessment
• (PDF) PCI Card Production General Consulting
• (PDF) PCI Card Production Pre-Assessment Workshop
• (PDF) PCI PIN Gap Assessment
• (PDF) PCI PIN General Consulting (Spanish) (Portuguese)
• (PDF) PCI PIN Security Assessment
• (PDF) PCI Three Domain Secure Core Security Assessment
• (PDF) PCI Three Domain Secure Gap Assessment
• (PDF) PCI Three Domain Secure General Consulting
• (PDF) PCI Token Service Provider Assessment

Privacy and Data Protection Services

• (PDF) Data Privacy Consulting (Spanish) (Portuguese)
• (PDF) Data Privacy Gap Assessment
• (PDF) Data Privacy Impact Assessment
• (PDF) Data Privacy Policy Service
• (PDF) Data Privacy Risk Assessment
• (PDF) Data Privacy Subject Rights Request Consulting
• (PDF) HIPAA Gap Assessment
• (PDF) HIPAA Policy Service
• (PDF) HIPAA Risk Assessment
• (PDF) NIST Privacy Framework Consulting

Risk Assessment Services

• (PDF) Information Security Risk Assessment
• (PDF) Information Security Risk Assessment Remediation Consulting
• (PDF) International Standards Organization Gap Assessment

General Consulting Services

• (PDF) General Consulting (Spanish) (Portuguese)
• (PDF) NIST Controls Assessment
• (PDF) Onsite Chief Information Security Officer

Partner Services

• (PDF) Merchant PCI Compliance Validation Services (Acquirer)
• (PDF) PCI Sponsor View Compliance Validation Service (Self-Managed)
• (PDF) Merchant PCI Concierge
• (PDF) Web Risk Monitoring (WRM)