Contract Documents

Master Agreements, Terms & Conditions

• (PDF) Trustwave Master Terms and Conditions
• (PDF) Data Protection Agreement
• (PDF) Trustwave End User License Agreement (EULA)
• (PDF) Dependencies and Assumptions & Managed Security Client Obligations

Managed Detection and Response

• (PDF) MSS Transition Service
• (PDF) Co-Managed SOC
• (PDF) Managed Detection and Response Essentials (MDR Essentials)
• (PDF) Managed Detection and Response Advanced (MDR-Advanced)
• (PDF) Threat Monitoring
• (PDF) Managed Intrusion Detection Security (IDS)
• (PDF) Security and Compliance Monitoring
• (PDF) Proactive Threat Hunting
• (PDF) Information Security Advisor (ISA)
• (PDF) Client Success Manager (CSM)
• (PDF) Service Delivery Manager (SDM)

Managed Security Compliance (MSC)

• (PDF) Managed Security and Compliance (MSC)
• (PDF) Managed Security and Compliance (MSC) – Compliance Essentials
• (PDF) Managed Security and Compliance (MSC) – P2PE

Cloud Security

• (PDF) Security Services for Cloud Access Security Broker (CASB)

Security Technology Management

To the extent that Client purchases Security Technology Management Services, the main “Security Technology Management” service description will apply.

• (PDF) Security Technology Management (On Premise/Hybrid)
• (PDF) Security Technology Management (Cloud)

The following addenda to the main "Security Technology Management" service description should also apply for any relevant supported solutions purchased by Client.

• (PDF) IDPS/NGFW Solution
• (PDF) Endpoint Protection Solution
• (PDF) Security Technology Management - Cloud WAF Addendum
• (PDF) Security Technology Management - Cloud WAF Addendum (MSS Transition)
• (PDF) Managed Application Control (MAC)

Database Security

• (PDF) DbProtect
• (PDF) Managed Database Security Service

Secure Email Gateway

• (PDF) Trustwave MailMarshal (Non-Managed)
• (PDF) Trustwave WebMarshal
• (PDF) Trustwave MailMarshal Cloud

Security Testing

Penetration Testing

Managed Security Testing (MST)

• (PDF) Managed Security Testing (MST) Services

Custom Testing

• (PDF) Trustwave SpiderLabs Testing
• (PDF) Active Directory Review
• (PDF) Amazon Web Services
• (PDF) Application Penetration Testing
• (PDF) Application Source Code
• (PDF) Azure Cloud Assessment
• (PDF) ATM Technical Security Review
• (PDF) Embedded Security Assessment
• (PDF) External Network Penetration Testing
• (PDF) Internal Network Penetration Testing
• (PDF) Mobile Application Penetration Testing
• (PDF) Operational Technology Security Assessment
• (PDF) Physical Security Assessment
• (PDF) Purple Teaming
• (PDF) Red Teaming
• (PDF) Segmentation Test Discovery Scan
• (PDF) Social Engineering
• (PDF) Virtualization Technology Assessments
• (PDF) Wireless Penetration Testing

Managed Scanning

• (PDF) Managed 3^rd Party Vulnerability Scanning

Vulnerability Scanning

• (PDF) Security Testing for Networks
• (PDF) Vulnerability Scanning

Spider Labs Incident Response & Forensics (DFIR)

• (PDF) Incident Response Training and Exercises
• (PDF) Incident Response Retainer
• (PDF) Incident Response Readiness Assessment and Planning

Security Awareness Training

Security Awareness Education (SAE)

• (PDF) SAE Trustwave Hosted
• (PDF) SAE Client Hosted
• (PDF) SAE Content Updates
• (PDF) SAE Custom Content Development
• (PDF) SAE Translation Service

Secure Development Training (SDT)

• (PDF) SDT Trustwave Hosted
• (PDF) SDT Client Hosted

Consulting and Professional Services

• (PDF) MODSecurity Commercial Rule Set
• (PDF) Cyber Advisory Diagnostic Services

Compliance

• (PDF) Data Loss Prevention – Discover
• (PDF) Endpoint Protection Suite
• (PDF) Extended Validation (EV) SSL Certificate
• (PDF) Managed Network Access Control (NAC)

Global Compliance Risk Services (GCRS)

Payment Card Industry Data Security Standards (PCI DSS) Services

• (PDF) PCI DSS Compliance Validation Service (Spanish) (Portuguese)
• (PDF) PCI DSS Gap Assessment (Spanish) (Portuguese)
• (PDF) PCI DSS General Consulting
• (PDF) PCI DSS Policy and Procedures Service
• (PDF) PCI DSS Policy Template (Spanish) (Portuguese)
• (PDF) PCI DSS Readiness Subject Matter Expert Consulting
• (PDF) PCI DSS Readiness Workshop
• (PDF) PCI DSS Remediation Service (Spanish) (Portuguese)
• (PDF) PCI DSS Self-Assessment Consulting (Spanish) (Portuguese)
• (PDF) PCI DSS Self-Assessment Validation

Payment Application Data Security Standards (PA-DSS) Services

• (PDF) PA-DSS Application Security Review
• (PDF) PA-DSS Compliance Validation Service (Spanish) (Portuguese)
• (PDF) PA-DSS Final Application Review
• (PDF) PA-DSS General Consulting
• (PDF) PA-DSS High-Impact Change Assessment
• (PDF) PA-DSS Low-Impact Change Assessment
• (PDF) PA-DSS Maintenance Program
• (PDF) PA-DSS No-Impact Change Assessment
• (PDF) PA-DSS Training
• (PDF) SSF Consulting
• (PDF) SSF Gap Assessment
• (PDF) SSF Pre-Assessment Workshop
• (PDF) SSF Secure SLC Compliance Validation Service
• (PDF) SSF Secure Software Compliance Validation Service

Point-to-Point Encryption (P2PE) Services

• (PDF) Non-listed Encryption Implementation Review
• (PDF) Non-listed Encryption Solution Assessment
• (PDF) P2PE Application Assessment
• (PDF) P2PE Application Delta Change Assessment
• (PDF) P2PE Application No-Impact Change Assessment
• (PDF) P2PE Component Assessment
• (PDF) P2PE Gap Assessment
• (PDF) P2PE General Consulting
• (PDF) P2PE Pre-Assessment Workshop
• (PDF) P2PE Solution Assessment
• (PDF) P2PE Solution Designated Change Assessment

Other PCI and Payment Services

• (PDF) Payment Services Directive Gap Assessment
• (PDF) PCI Card Production Compliance Validation Service
• (PDF) PCI Card Production Gap Assessment
• (PDF) PCI Card Production General Consulting
• (PDF) PCI Card Production Pre-Assessment Workshop
• (PDF) PCI PIN Gap Assessment
• (PDF) PCI PIN General Consulting (Spanish) (Portuguese)
• (PDF) PCI PIN Security Assessment
• (PDF) PCI Three Domain Secure Core Security Assessment
• (PDF) PCI Three Domain Secure Gap Assessment
• (PDF) PCI Three Domain Secure General Consulting
• (PDF) PCI Token Service Provider Assessment

Privacy and Data Protection Services

• (PDF) Data Privacy Consulting (Spanish) (Portuguese)
• (PDF) Data Privacy Gap Assessment
• (PDF) Data Privacy Impact Assessment
• (PDF) Data Privacy Policy Service
• (PDF) Data Privacy Risk Assessment
• (PDF) Data Privacy Subject Rights Request Consulting
• (PDF) HIPAA Gap Assessment
• (PDF) HIPAA Policy Service
• (PDF) HIPAA Risk Assessment
• (PDF) NIST Privacy Framework Consulting

Risk Assessment Services

• (PDF) Information Security Risk Assessment
• (PDF) Information Security Risk Assessment Remediation Consulting
• (PDF) International Standards Organization Gap Assessment

General Consulting Services

• (PDF) General Consulting (Spanish) (Portuguese)
• (PDF) NIST Controls Assessment
• (PDF) Onsite Chief Information Security Officer

Partner Services

• (PDF) Merchant PCI Compliance Validation Services (Acquirer)
• (PDF) PCI Sponsor View Compliance Validation Service (Self-Managed)
• (PDF) Web Risk Monitoring (WRM)