Subtle White Gold Mesh

Legal & Compliance

Transparency and trust are the foundation of our security services. Review our policies to understand how we protect your business.

Master Services Agreement (MSA)

This Master Services Agreement ("Agreement") governs the purchase and use of the "CMMC Fortress" subscription services provided by Custodia LLC.

1. Definitions

  • "Service": The cybersecurity advisory, scanning, and badge verification services provided by Custodia.
  • "Client": The business entity purchasing the Service.
  • "CMMC Data": Information related to the Client's compliance with the Cybersecurity Maturity Model Certification.

2. Scope of Services

Custodia agrees to provide the following "CMMC Fortress" services:

  • Gap Analysis: Initial assessment of Client's NIST 800-171 posture.
  • Policy Generation: Creation of a System Security Plan (SSP) and Plan of Action & Milestones (POAM).
  • Monthly Scanning: Automated external vulnerability scans (up to 5 IPs).
  • Fractional CISO Support: Email and phone support for compliance questions.

Exclusions: Services do not include hardware remediation, onsite IT support, or legal defense in court. Custodia acts as an advisor, not an insurer.

3. Fees and Payment

Subscription: Fees are billed monthly or annually as selected at checkout.

Late Payments: Accounts 15 days past due will lose access to the Live Badge and Fractional CISO support.

4. Term and Termination

Term: This Agreement commences on the date of subscription purchase and continues until terminated.

Termination for Convenience: Client may cancel the subscription at any time with 30 days' written notice. No refunds are issued for partial months.

5. Confidentiality

Each party agrees to hold the other's Confidential Information in strict confidence. Custodia recognizes that Client's vulnerability data is highly sensitive and will protect it with the same degree of care used for its own sensitive data.

6. Limitation of Liability

Cap on Liability: IN NO EVENT SHALL CUSTODIA'S AGGREGATE LIABILITY ARISING OUT OF THIS AGREEMENT EXCEED THE TOTAL FEES PAID BY CLIENT IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

No Guarantee of Certification: Custodia prepares Client for audit but does not guarantee a successful CMMC Level 1 certification result, as this depends on Client's internal adherence to policies.

7. Independent Contractor

Custodia is an independent contractor, not an employee or partner of Client.