Standard Terms and Conditions

Version 0.2 – Effective Date: September 2023

By executing a Service Order subject to this Service Agreement (“Agreement”), the Parties agree to be bound by the terms and conditions set forth below. In the event of a conflict between the terms of this Agreement and a Service Order, the terms of this Agreement will govern except where the terms of a Service Order expressly state otherwise

1. SERVICE ORDERS & DELIVERY. Coalfire Federal agrees to provide the Service(s) and report(s) (“Deliverable(s)”) more fully described in the applicable order form or statement of work (“Service Order(s)”). A Coalfire Federal affiliate or subsidiary may provide the Service; however, Coalfire Federal agrees to remain liable to Client for such delivery and performance.


2.1 Invoicing. Coalfire Federal will invoice Client on a monthly basis for fees and expenses incurred, and payment is due thirty (30) days following the date of the invoice. Client must object to an invoice within fifteen (15) days following receipt of the invoice or the invoice will be deemed accepted by Client. If Client fails to pay timely, Coalfire Federal reserves the right, in addition to any other rights it may have, to suspend the Services until such payment is made in full and charge interest on the amount past due at the lesser of 1.5% per month or the maximum allowed by law.

2.2 Taxes. The fees exclude all applicable sales, use, and other taxes, and all applicable export and import fees, customs duties and similar charges attributable to any use by Client of the Services. Client will be responsible for payment of all such taxes, fees, duties, and charges, and any related penalties and interest, arising from Client’s payment of the fees or its receipt of the delivery, provision or license of the Services.

3. TERM & TERMINATION. Either Party may terminate the Service Order for convenience upon thirty (30) days’ prior written notice to the other Party (“Termination Date”). Additionally, either Party may terminate the Service Order due to the other Party’s breach of any of its obligations that remain uncured after ten (10) days’ notice from the non-breaching Party. Termination for cause will not preclude the non-breaching Party from pursuing any and all remedies available to it at law or in equity. Upon expiration or termination of the Service Order for any reason, Client shall pay: (a) for all approved expenses incurred and Services rendered (or a pro-rata portion thereof), prior to the effective date of such termination; and (b) for all expenses necessary to effectively wind down Service delivery (such as return travel and per diem, final documentation and other expenses related to project termination). Any terms that by their very nature are intended to survive termination of the Service Order will continue in full force and effect following the Termination Date.


4.1 By Coalfire Federal. Coalfire Federal will indemnify Client from and against all third-party claims to the extent a Coalfire Federal Service or Deliverable infringes or misappropriates a third-party intellectual property right. If any Service or Deliverable is found to infringe or misappropriate an intellectual property right of a third party, then Coalfire Federal shall procure the right for Client to continue to use the results of the Service or Deliverable or re-perform the Service or replace the Deliverable so that it is non-infringing. If the preceding remedies are not available, then Coalfire Federal may terminate the Service Order and will refund the price paid for the infringing portion of the Services or the Deliverables. The foregoing is the sole and exclusive remedy of Client and states the entire liability of Coalfire Federal with respect to infringement or misappropriation of any proprietary rights by the Services or Deliverables.

4.2 By Client. Client will indemnify Coalfire Federal from and against all third-party claims to the extent attributable to Client’s having furnished any Deliverable or portion thereof to a third party in violation of this Agreement, any third-party reliance on a Deliverable, or any third-party claim arising as a result of Coalfire Federal’s use and/or reliance on information or data provided to it by Client.


5.1 By Coalfire Federal. Coalfire Federal represents that the Service will be performed in a workmanlike and professional manner by individuals who have skill and experience commensurate with the requirements of the Services.

5.2 By Client. Client agrees that Coalfire Federal will not be responsible for nonconformities or any errors in work papers or Deliverables resulting from Coalfire Federal’s reliance on inaccurate, inauthentic or incomplete data or information provided by Client. Client will cooperate with Coalfire Federal and take all actions reasonably necessary to enable Coalfire Federal to perform the Services. To that end, Client will provide, on a timely basis, all information, as well as access to systems, locations and personnel, reasonably requested by Coalfire Federal to enable Coalfire Federal to provide the Services. Client agrees that failure to do so may result in: 1) immediate termination of Service, and 2) a charge to Client equal to the amount of any lost hours at the hourly rate specified in the Service Order, and if no hourly rate is specified, $200.00 per hour. If Coalfire Federal is required to reschedule the delivery of Service due to the foregoing, then Client understands that such rescheduling will be dependent upon Coalfire Federal’s resource availability and may result in additional charges. Client further acknowledges and agrees that (a) any outcome of the Services involving security assessment is limited to a point-intime examination consistent with the Engagement Scope set forth in the Service Order, (b) the outcome of any audits, assessments or testing by, and the opinions, advice, recommendations and/or certification of, Coalfire Federal does not constitute any form of representation, warranty or guarantee that Client’s systems are secure from every form of attack, even if fully implemented, (c) in examining Client’s compliance or non-compliance status, Coalfire Federal relies upon accurate, authentic and complete information provided by Client as well as use of certain sampling techniques, and (d) Client’s management is solely responsible for the scope, goals and overall direction of the Services, as well as the implementation of any course of action based on such Services.

5.3 No Implied Warranties. Other than those expressly contained in this Section, neither Party makes any other representations or warranties, implied, statutory or otherwise, with respect to the Services or Deliverables. Coalfire Federal EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

6. LIMITATIONS ON LIABILITY. Neither Client nor its employees, officers and directors, on the one hand, nor Coalfire Federal and its employees, officers and directors and licensors, on the other hand (including without limitation the CMMC Accreditation Body will be liable to the other Party under this Agreement for commercial loss and lost profits or any consequential, incidental, indirect, punitive or special damages, or any other similar damages under any theory of liability whether in contract, tort or strict liability, however caused and regardless of legal theory or foreseeability, directly or indirectly, arising under this Agreement. In no event shall the liability of Coalfire Federal exceed the amounts payable by the Client for the services that give rise to the claim or the amounts payable by the client during the twelve (12) month period immediately preceding the date on which the claim arises and Coalfire Federal’s aggregate liability hereunder shall not exceed $5,000,000 The foregoing limitations shall not apply to breaches of confidentiality, gross negligence, willful misconduct, or failure to comply with applicable laws


7.1 Of Coalfire Federal. Client understands that Coalfire Federal is engaged to use its existing knowledge, training, experience and proprietary methodologies (“Coalfire Methodologies”) to perform the Service, which may include an assessment of Client’s information technology system and certain security aspects thereof, and in some cases, to provide a written report regarding such Services. Client will not acquire, and Coalfire Federal will not assign, any right, title or interest in or to the Coalfire Methodologies or any text, data or other materials that were owned by, or licensed to, Coalfire Federal prior to Coalfire Federal’s performance of Service (“Pre-existing Intellectual Property”) or to any new knowledge, techniques and methodologies developed by Coalfire Federal in the performance of the Service and the creation of the Deliverables. As between Coalfire Federal and Client, Coalfire Federal is and will remain the owner of all Pre-existing Intellectual Property and Coalfire Methodologies and all processes, know-how, methodologies and technology used in connection with providing the Services.

7.2 Of Client. Coalfire Federal will not acquire, and Client does not assign, any right, title or interest in or to confidential information or other materials provided by Client that were owned by or licensed to Client prior to Coalfire Federal’s performance of Service under the Service Order (“Client Pre-existing Intellectual Property”). As between Coalfire Federal and Client, Client is and will remain the owner of all Client Preexisting Intellectual Property.

7.3 License Grant. Subject to the terms of this Agreement, the Deliverables provided to Client will be owned by Client. If a Deliverable includes any Preexisting Intellectual Property, Coalfire Federal hereby grants to Client a perpetual, nonexclusive, royalty-free license to use such Deliverable for Client’s business purposes. If such use involves disclosure of the Deliverable to a third party, Client agrees: (i) such disclosure will be in furtherance of a legitimate business need of Client, (ii) the Deliverable will not be altered in any way, and (iii) such disclosure will be non-public in nature and subject to confidentiality terms at least as restrictive as those specified herein.

8. PUBLICITY. Upon Client approval, Coalfire Federal may use Client’s name as a reference for CMMC projects performed by Coalfire Federal.


10. DISPUTE RESOLUTION. No action arising out of this Agreement, regardless of the form, may be brought by either Party more than twelve (12) months after the cause of action has accrues, except for actions with respect to non-payment. This Agreement will be interpreted and construed in accordance with the substantive laws of the State of Virginia, without regard to any provisions of its choice of law rules, and will not be governed by the United Nations Convention of Contracts for the International Sale of Goods, the application of which is expressly excluded.

11. NON-SOLICITATION. Neither Party will actively recruit the other Party’s personnel engaged in providing or receiving Services during the term of the Service Order and for one (1) year thereafter. Notwithstanding the preceding, nothing in this provision shall be construed to prohibit a party from hiring officers or employees of the other party who respond to general employment advertisements on the party’s website, at job fairs, or otherwise, or who contact the party on the individual’s own initiative.

12. PERFORMANCE OF SERVICES. The location from which Coalfire Federal will provide the Services will be specified in the Service Order; however, Coalfire Federal may conduct sampling in connection with the Services from any sites that Coalfire Federal deems appropriate.

13. USE OF SUBCONTRACTORS. Coalfire Federal reserves the right to employ subcontractors to assist Coalfire Federal when providing any part of the Service, provided, however, Coalfire Federal will remain liable to Client with respect to any contracted Service to the extent Coalfire Federal would be liable to Client under the terms of this Agreement and the Service Order.


14.1 Security Assessment Services. If the Services include technical security testing, penetration testing (including physical, application, ethical or network penetration assessment and testing) or computer forensic services, Coalfire Federal will use various commercial, open source, freely distributed or proprietary testing tools, techniques and monitoring methods to evaluate the devices, software or resources (collectively “Systems”) identified by Client, and verified by Coalfire Federal, as within scope. Coalfire Federal may also use tools that meet the definition of malware by anti-virus platforms. Coalfire Federal is not responsible for adverse consequences resulting from inaccurate information, including inaccurate IP Addresses, furnished by Client with respect to any System.

14.2 Reserved


15.1 Confidentiality. Each Party acknowledges the other Party’s obligation to comply with, and each Party agrees to comply with, applicable legal and regulatory requirements with respect to confidentiality and the terms of any nondisclosure agreement between the Parties. If no such agreement exists, and except as required by applicable legal or regulatory requirement, each Party agrees that:

a. Proprietary Information shall mean information disclosed to a Party by the other Party in connection with this agreement which is either identified by a Party as being proprietary to that Party or which is information that a reasonable person would understand to be such Proprietary Information. 

b. Information disclosed either orally or visually shall not be subject to any nondisclosure obligation under this agreement unless such oral or visual information is identified as Proprietary Information at the time of disclosure and a reasonable description or summary of the contents of the oral or visual information is reduced to writing within five (5) business days after disclosure and provided to the receiving party. Proprietary Information shall not mean any information previously known to a Party without obligation of confidence, or which becomes publicly disclosed, or which is rightfully received from a third party without obligation of confidence. 

c. Proprietary Information, including all materials provided to the receiving party in connection to such Proprietary Information shall remain the sole property of the disclosing party, and shall be duplicated only as authorized in writing by the furnishing Party, and shall be returned to the furnishing Party by the receiving Party upon request.

d. Unless otherwise permitted by the furnishing Party, the receiving Party shall not disclose Proprietary Information to any third party, and shall take all reasonable precautions to prevent the disclosure of Proprietary Information to third parties, including any foreign national, firm, or country, and foreign nationals employed by or associated with the receiving Party’s company except as specifically authorized by the furnishing Party. The Parties shall comply with all applicable government security regulations, and access to such Proprietary Information as may contain classified information shall be restricted accordingly.

e. In addition to the duties imposed by criminal and civil statutes, including applicable state trade secrets laws, federal patent and copyright law, and the Economic Espionage Act, the receiving Party shall exercise all reasonable care to preserve and protect the Proprietary Information from any unauthorized use, disclosure, or theft.

f. The receiving party shall notify the disclosing party, in writing, immediately after the receiving party becomes aware of any unauthorized use, disclosure, or theft of the Proprietary Information and shall identify the receiving party’s actions to contain and prevent further unauthorized use, disclosure, or theft of the disclosing party’s Proprietary Information.

g. If a subpoena or other legal process concerning any Proprietary Information is served upon the receiving party pertaining to the disclosing party’s Proprietary Information, the receiving party shall promptly notify, in writing, the disclosing party upon receipt of the subpoena or other legal process. The receiving party shall cooperate with any lawful effort by the disclosing party to contest the validity of the subpoena, to seek a protective order, or to pursue other legal process to protect the Proprietary Information. The disclosing party shall at all times limit the disclosure of Proprietary Information to that which is required by law or legal process.

15.2 Assignment. Coalfire Federal may assign or transfer any of its rights or obligations under this Agreement to a third party without the express written consent of Client; however, Client may not assign or transfer any of its rights or obligations under this Agreement to a third party without the express written consent of Coalfire Federal, such consent not to be unreasonably delayed, conditioned or withheld. Notwithstanding the preceding, either Party may, without agreement of the other assign this Agreement as a result of any internal reorganization that occurs as a result of a (a) merger of a Party with a parent, subsidiary, or affiliate or (b) transfer of all or substantially all of the assets used by a Party in performance of this Agreement or contribution of the stock of a Party to a parent, subsidiary, or affiliate.

15.3 Entire Agreement. This Service Order as well as any written amendments, constitutes the entire agreement between the Parties and supersedes all previous communications, representations, understandings, and agreements between the Parties or any officer or representative of the parties. No amendments or other variation will be effective unless in writing and signed by an authorized person on behalf of each Party.

15.4 Purchase Orders. Any purchase order or other document issued by Client will be effective only to confirm mutually agreed upon Services, Deliverables, and fees. Any legal terms or conditions on such purchase order or document will be of no effect.

15.5 Force Majeure. Neither Coalfire Federal nor Client will be liable for any failure to perform due to any cause beyond such Party’s reasonable control.

15.6 Relationship Between the Parties. Coalfire Federal will perform its obligations under this agreement as an independent contractor and not as an agent or joint venture partner of Client.

15.7 No Third-Party Beneficiaries. No term or provision of this agreement is intended to be, nor will be, for the benefit of any person, firm, organization or corporation not a party hereto, and no such third party will have any right or cause of action hereunder.

15.8 Notice. Notices required under this Agreement will be in writing and delivered in person or sent by overnight courier addressed to the addresses in the Service Order. Notice will be effective when sent by overnight courier or upon delivery if delivered in person.

15.9 Severability. If any provision of this Agreement is determined to be unenforceable or invalid, the remaining provisions of this Agreement will remain in full force and effect.

15.10 Changes. If Coalfire Federal determines that a modification to the engagement scope is required to perform the Services, such modification will be reflected in a change order that is executed by the Parties. A Change Order may result in an increase or decrease in fees.

15.11 Purchase Orders.  Any purchase order or other document issued unilaterally by Client will be effective only to confirm mutually agreed upon Services, Deliverables, and fees. Any legal terms or conditions on such purchase order or document will be of no effect