Contract Documents

Agreements

The Master Terms and Conditions, Order Form, Data Protection Agreement (as applicable), Service Descriptions (including dependencies and assumptions) (as applicable), Trustwave End User License Agreement (as applicable), third party end user license agreements (as applicable), and any non-disclosure agreement executed between the parties, will apply to the services you purchase from Trustwave.

• (PDF) Trustwave Global Master Terms and Conditions
• (PDF) Trustwave EMEA Master Terms and Conditions
• (PDF) Data Protection Agreement
• (PDF) Trustwave End User License Agreement (EULA)

Service Descriptions

The following service descriptions will apply to the Trustwave services under the categories below purchased through the Trustwave Order Form. Trustwave Services are categorized into Managed Security Services (MSS), Global Compliance and Risk Services (GCRS), Non-Managed Services, SpiderLabs Services, Cyber Security Education Services and Third Party Product (TPP) Implementation and Support Services. Client understands and agrees that each category of services will have a set of dependencies and assumptions that equally apply to all services under that category.

Managed Security Services (MSS)

• (PDF) Dependencies and Assumptions for Managed Security Services

Global Compliance and Risk Services (GCRS)

• (PDF) Dependencies and Assumptions for GCRS Services

Non-Managed Services

• (PDF) Dependencies and Assumptions for Non-Managed Services

SpiderLabs Services

• (PDF) Dependencies and Assumptions for SpiderLabs Services

Cyber Security Education Services

• (PDF) Dependencies and Assumptions for Cyber Security Education Services

Third Party Product (TPP) Implementation and Support Services

• (PDF) Dependencies and Assumptions for TPP Implementation and Support Services

Managed Security Services (MSS)

• (PDF) MSS Transition Service
• (PDF) Managed Application Control (MAC)
• (PDF) Managed Detection and Response (MDRe) for Endpoints
• (PDF) Managed Internal Vulnerability Scanning (IVS)
• (PDF) Managed Intrusion Detection Security (IDS)
• (PDF) Managed Secure Email Gateway Cloud (SEG)
• (PDF) Managed Secure Web Gateway (Not Cloud)
• (PDF) Managed Secure Web Gateway Cloud (SWG)
• (PDF) Managed Security and Compliance (MSC)
• (PDF) Managed Security and Compliance (MSC) – Compliance Essentials
• (PDF) Managed Security and Compliance (MSC) – P2PE
• (PDF) Managed SIEM Appliances
• (PDF) Managed Next Generation Firewall
• (PDF) Managed Web Application Firewall
• (PDF) Security and Compliance Monitoring
• (PDF) Proactive Threat Hunting

Security Technology Management Services

To the extent that Client purchases Security Technology Management Services, the main “Security Technology Management” service description will apply.

• (PDF) Security Technology Management

The following addenda to the main "Security Technology Management" service description should also apply for any relevant supported solutions purchased by Client.

• (PDF) IDPS/NGFW Solution

Global Compliance and Risk Services (GCRS)

Payment Card Industry Data Security Standards (PCI DSS) Services

• (PDF) Compliance Readiness Workshop
• (PDF) PCI DSS Compliance Readiness Workshop Subject Matter Expert Consulting
• (PDF) PCI DSS Gap Assessment
• (PDF) PCI DSS Remediation Service
• (PDF) PCI DSS Risk Assessment
• (PDF) PCI DSS Policy and Procedures Service (PPS)
• (PDF) PCI DSS Policy Template
• (PDF) PCI DSS General Consulting
• (PDF) PCI DSS Self-Assessment Consulting
• (PDF) PCI DSS Self-Assessment Validation
• (PDF) PCI DSS Compliance Validation Service (CVS) – Level 1
• (PDF) PCI Three Domain Secure (3DS) Core Assessment

Payment Application Data Security Standards (PA DSS) Services

• (PDF) PA DSS Compliance Validation Service
• (PDF) PA DSS Eligibility Assessment

General Consulting Services

• (PDF) General Consulting
• (PDF) NIST Controls Assessment
• (PDF) Virtual Chief Information Security Officer (V-CISO)

Privacy and Data Protection Services

• (PDF) Privacy Workshop
• (PDF) Privacy Workshop Subject Matter Expert Consulting
• (PDF) Privacy Information Security Risk Assessment (P-ISRA)
• (PDF) Privacy Impact Assessment (PIA)
• (PDF) HIPAA Pre-Assessment
• (PDF) HIPAA Gap Assessment
• (PDF) HIPAA Risk Assessment
• (PDF) HIPAA Remediation Consulting

Risk Assessment Services

• (PDF) Information Security Risk Assessment (ISRA)
• (PDF) Information Security Risk Assessment (ISRA) Remediation Consulting
• (PDF) International Standards Organization (ISO) Gap Assessment

Non-listed Encryption Solution Assessment (NESA)

• (PDF) Non-listed Encryption Solution Assessment (NESA)

Non-listed Encryption Implementation Review (NEIR)

• (PDF) Non-listed Encryption Implementation Review (NEIR)

Point-to-Point Encryption (P2PE) Services

• (PDF) P2PE Pre Assessment Workshop
• (PDF) P2PE Delta Change Review
• (PDF) P2PE Gap Assessment
• (PDF) P2PE Component Assessment
• (PDF) P2PE Solution Assessment
• (PDF) P2PE Designated Change Assessment
• (PDF) P2PE Application Assessment
• (PDF) P2PE Application No-Impact Change Assessment

SECURITY MATURITY

• (PDF) Security Maturity Assessment

Threat Modeling

• (PDF) Threat Model Consulting

PCI PIN Service

• (PDF) PCI PIN Service

Non-Managed Services

• (PDF) DbProtect
• (PDF) Detection and Response Consulting (DARC)
• (PDF) Data Loss Prevention – Discover
• (PDF) Endpoint Protection Suite
• (PDF) Extended Validation (EV) SSL Certificate
• (PDF) Information Security Advisor (ISA) / Information Security Specialist (ISS)
• (PDF) Licensed SIEM (Non-Managed)
• (PDF) Managed 3rd Party SOC & Security Monitoring
• (PDF) Managed Network Access Control (NAC)
• (PDF) Network Access Control (NAC) Service
• (PDF) Non-Managed External Vulnerability Scanning (EVS)
• (PDF) Non-Managed Secure Web Gateway
• (PDF) Non-Managed Web Application Firewall
• (PDF) Trustwave MyIdentity
• (PDF) Trustwave MODSecurity Rules
• (PDF) Trustwave Secure Email Gateway (Non-Managed)
• (PDF) Trustwave WebMarshal
• (PDF) Web Filtering and Reporting Suite
• (PDF) Web Risk Monitoring (WRM)

SpiderLabs Services

Managed Security Testing (MST) Services

• (PDF) Managed Security Testing (MST) Services

Trusted Advisor and Consulting Services

• (PDF) Secure Development Training – Instructor-Led
• (PDF) Trusted Security Advisor

Legacy Penetration Testing Services

• (PDF) Application Penetration Testing
• (PDF) Application Source Code
• (PDF) ATM Technical Security Review
• (PDF) External Network Penetration Testing
• (PDF) Internal Network Penetration Testing
• (PDF) Mobile Application Penetration Testing
• (PDF) Physical Security Assessment
• (PDF) Purple Teaming
• (PDF) Red Teaming
• (PDF) Social Engineering
• (PDF) Wireless Penetration Testing

Cyber Security Education Services

Security Awareness Education (SAE)

• (PDF) SAE Trustwave Hosted
• (PDF) SAE Client Hosted
• (PDF) SAE Content Updates
• (PDF) SAE Custom Content Development
• (PDF) SAE Translation Service

Secure Development Training (SDT)

• (PDF) SDT Trustwave Hosted
• (PDF) SDT Client Hosted

Third Party Product (TPP) Implementation and Support Services

• (PDF) Palo Alto Technical Support Center Services
• (PDF) Palo Alto Next Generation Firewall Deployment Service
• (PDF) Carbon Black Technical Support Center Services
• (PDF) Carbon Black Response Technology Implementation Service
• (PDF) FortiGate Next Generation Firewall Deployment Service
• (PDF) DarkTrace Technology Implementation Service

Third Party End User License Agreements

To the extent that Client purchases (i) a third party product or (ii) a service with third party product that is integrated into or used in the provision of services (“Third Party Bundle”), the following end user license agreements (“EULA”) shall apply. Client agrees to be bound by an applicable EULA when purchasing an applicable Third Party Bundle in addition to the terms and conditions between Trustwave and Client.

• (PDF) Carbon Black
• Cisco
• (PDF) Cybereason
• Fortinet