Vantage For Government Addendum to Nozomi Networks Products End User License Agreement

This Nozomi Networks Vantage for Government Addendum (“Addendum”) supplements and supersedes conflicting terms in the Nozomi Networks Products End User License Agreement (“Agreement”) solely with respect to the use of Nozomi Networks Vantage for Government (“NNVG”), a FedRAMP-authorized Nozomi Networks cloud Subscription Service. Unless defined below, all capitalized terms herein shall have the same meaning as in the Agreement. As it relates to the provision of NNVG, in the event of a conflict between this Addendum and any other agreements or contracts the order of precedence shall be: 1) this Addendum; 2) the Agreement; and 3) an Order.

Representations.  Nozomi Networks represents that NNVG has achieved FedRAMP Authorization at the Moderate baseline. Nozomi Networks will maintain such authorization during the End User’s Order Term.

Security Controls.  During End User’s Order Term, Nozomi Networks shall implement and maintain security controls consistent with:

• FedRAMP Moderate baseline
• Continuous monitoring requirements under FedRAMP
• An active Authority to Operate, if applicable
• Required System Security Plan
• Continuous monitoring reporting
• Vulnerability scanning and Plans of Action & Milestones tracking

Government End User Responsibilities.  Government End User acknowledges that:

• It is responsible for proper configuration of NNVG.
• It must follow FedRAMP shared responsibility model requirements as determined in the Customer Responsibilities Matrix Workbook.
• It is responsible for user access management within its tenant .
• In accessing and using NNVG, it must adhere to FedRAMP Rules of Behavior, including restrictions on privileged access, data sharing, user access management, and incident reporting.
• It is responsible for any external integrations and connections that are not included in the Illustrated Architecture in the SSP, including software and hardware it owns, operates, and controls.
• It must ensure proper handling of Controlled Unclassified Information (CUI), if applicable.

End User agrees not to use NNVG in a manner inconsistent with its authorized impact level.

FedRAMP Authorization Boundary. Nozomi Networks will ensure that all End User Data and all system components supporting NNVG remain within the FedRAMP approved boundary, including ensuring that (a) all storage, processing, backups, logs, and administrative access occur exclusively within U.S. geographic regions designated for FedRAMP (e.g., AWS GovCloud (US)), and (b) only U.S. Persons have access to such data or systems unless otherwise permitted by law and approved by End User.

Government Rights in End User Data. End User retains all ownership rights in End User Data. During the Order Term, End User grants Nozomi Networks a worldwide, non-exclusive, limited license to access, process, transmit, store, use, and display End User Data solely in connection with the performance of Nozomi Networks’ obligations under the Agreement.

Incident Response and Reporting. Nozomi Networks shall:

• Maintain a FedRAMP-compliant incident response program.
• Report incidents in accordance with FedRAMP requirements.
• Notify End User without undue delay following confirmation of a security incident affecting End User Data in the FedRAMP Environment.

Notification timelines shall align with FedRAMP reporting requirements and applicable federal guidelines.

Audit and Assessment. End User acknowledges that:

• FedRAMP authorization involves independent Third-Party Assessment Organization assessments.
• Security documentation may be accessed via the FedRAMP Marketplace or through secure channels.
• Direct audits of Nozomi Networks facilities may be limited to what is permitted under FedRAMP and Nozomi Networks’ security policies.

Changes to Authorization Status. If Nozomi Networks’ FedRAMP authorization status changes materially, Nozomi Networks shall:

• Promptly notify End User.
• Provide a remediation plan, if applicable.

Loss of FedRAMP authorization shall not automatically terminate the Agreement but may give End Users termination rights as specified in the Agreement or Order.

No Expansion of Liability. Except as expressly stated in this Addendum:

• The Agreement’s limitation of liability and indemnification provisions remain unchanged.
• This Addendum does not create additional warranties beyond FedRAMP compliance obligations.
• Nozomi Networks does not guarantee that FedRAMP authorization satisfies all End User regulatory requirements.

Survival. The obligations under this Addendum survive termination of the Agreement to the extent required by FedRAMP.

‍