This Master Agreement (this “Agreement”) is made by and between Tenable (as defined below) and 
the customer licensing Products
and/or receiving services (“Customer”) with an effective date as of the date Customer clicks to 
accept this Agreement (the “Effective
Date”). Hereinafter, each of Tenable and Customer may be referred to collectively as the 
“Parties” or individually as a “Party”.

1. Definitions.

(a) “Affiliate” means any entity that controls, is controlled by, or is under common control 
with a Party. “Control” shall mean:
(1) ownership (either directly or indirectly) of greater than fifty percent (50%) of the voting 
equity or other controlling equity of another
entity; or (2) power of one entity to direct the management or policies of another entity, by 
contract or otherwise.

(b) “Documentation” means the then-current official user manuals and/or documentation for the 
Products available at
docs.tenable.com (or a successor location).

(c) “Hosted Services” are a type of service offered through Tenable’s cloud-based software as 
a service (SaaS) platform and
include Scans and access to and use of the hosted environment (the “Hosted Environment”).

(d) “Product(s)” means any of the products that Tenable offers, including Software, Hosted 
Services, Hardware (if any),
Support Services and Professional Services.

(e) “Professional Services” means services purchased, including consulting services which are 
relevant to the implementation
and configurations of Tenable Products as well as on-site or virtual training courses. Generally, 
Professional Services are defined either
in a separate SOW or a Services Brief. Professional Services do not include the Hosted Services or 
Support Services.

(f) “Scan(s)” are a function performed by the Software and/or the Hosted Services on Scan 
Targets, which are conducted in
order to provide data to Customer regarding its network security. “PCI Scans” are a specific 
type of Scan designed to assess compliance
with the Payment Card Industry Data Security Standard. “Scan Data” is the resulting information 
created by the Scan. “Scan Target(s)”
are the targets or subjects of a Scan.

(g) “Services Brief” means the document which outlines Tenable’s basic, pre-packaged 
installation or training Professional
Services offered under a Tenable SKU and which do not require a separate SOW. Current versions of 
Services Briefs may be found at
http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location). For the avoidance 
of doubt, Customer may purchase
commercial off the shelf SKU-based Professional Services without executing a separate Statement of 
Work. A “SOW” or “Statement
of Work” shall further describe Professional Services, the terms of which may be customized and 
which shall require execution by the

(h) “Software” means each software product made available by Tenable under this Agreement for 
download. Software
includes patches, updates, improvements, additions, enhancements and other modifications or revised 
versions of the same that may be
provided to Customer by Tenable from time to time.

(i) “Technical Data” means data Customer uploads or runs through or on the Products, or is 
otherwise generated thereby,
including information regarding licensing metrics and product behavioral data.

(j) “Tenable” means: (i) Tenable, Inc., if Customer is a commercial entity or individual 
located in North or South America
(Tenable, Inc. is a Delaware corporation having offices at 6100 Merriweather Drive, 12th Floor, 
Columbia, MD 21044); (ii) Tenable
Public Sector LLC, if Customer is an agency or instrumentality of the United States Government, a 
commercial entity operating
predominantly as a federal systems integrator for eventual sale or resale or for the benefit of the 
United States Government, or an agency
or instrumentality of a State or local government within the United States (Tenable Public Sector 
LLC is a Delaware limited liability
company having offices at 6100 Merriweather Drive, 12 th Floor, Columbia, MD 21044); or (iii) 
Tenable Network Security Ireland
Limited, if Customer is located outside of North or South America (Tenable Network Security Ireland 
Limited is a private limited
company having offices at 81b Campshires, Sir John Rogerson’s Quay, Dublin 2, Ireland).

2. Orders and Transactions.

(a) Reseller Transactions. If Customer purchases Tenable Products through an authorized Tenable 
reseller (a “Reseller”), all
terms related to pricing, billing, invoicing and payment (“Payment Terms”) set forth in this 
Agreement (if any) shall not apply. For the
avoidance of doubt, all such Payment Terms shall be as agreed to between Customer and Reseller. To 
place an order, Customer shall
provide the Reseller with a purchase order (or other similar document acceptable to Reseller) in 
response to a valid quote from such
Reseller. Following Reseller’s receipt of such purchase order, Tenable shall issue a sales order 
confirmation or other similar order
acceptance document (the “Ordering Document”). No order shall be deemed accepted by Tenable 
until Tenable issues the Ordering
Document. The Ordering Document shall set forth all Products (and corresponding licensing metrics) 
purchased by Customer.

(b) Direct Transactions. If the Parties have agreed to transact directly, the following Payment 
Terms shall apply. Customer
agrees to pay all amounts due as specified in a Tenable invoice. Fees for Hosted Services are 
charged for access to the Host Environment
(as defined herein), not actual usage. Payment is due within thirty (30) days from the date of 
Tenable’s invoice to Customer. Customer
will pay directly or reimburse Tenable for any taxes (including, sales or excise taxes, value added 
taxes, gross receipt taxes, landing
fees, import duties and the like), however designated and whether foreign or domestic, imposed on 
or arising out of this Agreement.
Notwithstanding the foregoing, Tenable will be solely responsible for its income tax obligations 
and all employer reporting and payment
obligations with respect to its personnel. Customer agrees to pay Tenable without deducting any 
present or future taxes, withholdings
or other charges except those deductions it is legally required to make. If Customer is legally 
required to make any deductions or
withholding, Customer agrees to provide evidence of such withholding upon request. If a certificate 
of exemption or similar document
or proceeding is necessary in order to exempt any transaction from a tax, Customer shall provide 
such certificate or document to Tenable.

(c) Delivery and Installation. Delivery of Tenable Products (“Delivery”) shall be deemed to 
occur on the date of availability
for electronic download or electronic access. Tenable has no duty to provide installation services 
for Tenable Products unless installation
services are purchased separately.

3. Term and Termination.

(a) Agreement Term. This Agreement shall commence upon the Effective Date and continue until 
terminated in accordance
with the terms set forth herein.

(b) License Term and Renewals. The “License Term” is the term of the license or subscription 
for Products as set forth in the
Ordering Document. If this Agreement has been signed by both Parties, then unless otherwise agreed 
to in writing, any License Term,
including renewals, shall be governed by the terms set forth herein. If this Agreement has been 
accepted via shrinkwrap or clickthrough,
upon any renewal of the License Term, the terms then available at 
http://static.tenable.com/prod_docs/tenable_slas.html (or a
successor location) will govern such renewal. Customer agrees that use of the Products at the time 
of such renewal will be deemed full
and adequate acceptance of the updated terms.

(c) Termination for Cause. Either Party may terminate this Agreement for cause if the other Party 
materially breaches this
Agreement provided that such breaching Party has received written notice of such breach and failed 
to cure such breach within thirty
(30) days. If this Agreement is terminated for cause by either Party, Customer shall remove all 
copies of the Products from any Customer
systems and cease to use any Software or Hosted Services purchased hereunder. Further, Customer 
shall certify to Tenable that it has
returned or destroyed all copies of the Software. If this Agreement is terminated for cause by 
Tenable, Customer shall remain responsible
for any outstanding payment obligations throughout the rest of the License Term.

(d) Termination for Convenience. Customer may terminate this Agreement for any lawful reason upon 
ninety (90) days’ prior
written notice to Tenable. If Customer terminates for convenience, Customer shall not receive a 
refund and shall remain obligated to
pay for Products for which it has previously entered into a transaction as well as any additional 
payment obligations agreed upon prior
to the termination date.

4. Products.

(a) Product-Specific Terms. Pursuant to this Agreement, Customer may receive the right to use 
various Products as further
described in the attached schedules (each, a “Schedule”). Terms related to Customer’s use of 
Software are described in Schedule A
(Software). Terms related to Customer’s use of Hosted Services are described in Schedule B 
(Hosted Services). Terms related to the
provision of Professional Services are described in Schedule C (Professional Services). For each 
Product, Customer will have the right
to use the corresponding Documentation.

(b) Licensing Model. Product licenses shall be in accordance with the terms of the applicable 
licensing model as set forth in
the Documentation and/or the Ordering Document, which may include limitations on Scan Targets, 
compute, storage, resource
utilization, License Term, the number of users, seats, licenses and/or types of modules licensed. 
Product licenses shall commence upon
Delivery and shall be either perpetual or subscription in nature. Tenable shall use commercially 
reasonable efforts to meter resource
utilization and assess likeness or uniqueness of Scan Targets within each Product/module licensed. 
If Customer exceeds the license
restrictions, Customer must purchase an upgraded license to allow for all actual or additional 
usage, and Tenable or its Reseller may
promptly invoice Customer for any such overages at a price not to exceed Tenable’s then-current 
rates. Discrepancies in Scan Target
or utilization count is the sole responsibility of the Customer to resolve.

(c) Restrictions on Use. Customer shall not directly or indirectly: (i) decompile, disassemble, 
reverse engineer, or otherwise
attempt to derive, obtain or modify the source code of the Products; (ii) reproduce, modify, 
translate or create derivative works of all or
any part of the Products; (iii) remove, alter or obscure any proprietary notice, labels, or marks 
on the Products; (iv) without Tenable’s
prior written consent, use the Products in a service bureau, application service provider or 
similar capacity; (v) without signing Tenable’s
Managed Security Services Provider Addendum, use the Products to provide any managed service to a 
third party; (vi) use the Products
in order to create competitive analysis or a competitive product or service; (vii) copy any ideas, 
features, functions or graphics in the
Product; or (viii) without Tenable’s prior written consent, interfere with or disrupt performance 
of Hosted Services (e.g., perform
penetration testing on Tenable systems). Customer may only use the Products to manage or gather 
information from Scan Targets
owned or hosted by Customer or its Affiliates, or third parties for which Customer has received 
express authorization to Scan.

(d) Intellectual Property in Products. This Agreement does not transfer to Customer any title to or 
any ownership right or
interest in the Products. Any rights in the Products not expressly granted in this Agreement are 
reserved by Tenable. If Customer
provides Tenable with any comments, suggestions, or other feedback regarding the Product, Customer 
hereby assigns to Tenable all
right, title and interest in and to such feedback. For clarity, such feedback shall not contain 
Customer Confidential Information and shall
not reference or identify Customer or its users.

(e) Customer Requirements. In order to use the Products, Customer must meet or exceed the 
specifications found in the

(f) Product Features. Customer agrees that purchase of any Product is not contingent on the 
delivery of any future
functionality or features, or dependent on any oral or written public comments made by Tenable 
regarding future functionality or
features. Tenable reserves the right to withdraw features from future versions of the Products 
provided that: (i) the core functionality of
the affected Product remains the same; or (ii) Customer is offered access to a product or service 
providing materially similar functionality
as the functionality removed from the affected Product. The preceding remedies under this Section 
4(f) are the sole remedies available
if Tenable withdraws features from the Products.

(g) Rights Granted to Tenable. Provided that Tenable shall not publicly disclose any Customer 
Confidential Information,
Tenable may: (i) use Technical Data for reasonable business purposes, including Support Services, 
license validation, research and
development, feature creation, and Product testing; (ii) include aggregated and anonymized 
Technical Data in public materials; and (iii)
retain Technical Data which is anonymized after the termination of this Agreement.

(h) Hardware. Any Hardware purchased under this Agreement (if any) will be subject to the terms and 
conditions of Schedule
D located at http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location).

(i) Temporary Limitation. If Tenable reasonably believes: (i) Customer’s use of the Products 
places an unreasonable or
disproportionate burden on the Products; (ii) Customer’s use of the Products poses a risk or 
threat to the Products (including any systems
supporting the Products), Tenable, or a third party; or (iii) Customer’s usage exceeds the 
limitations of the license, then Tenable may
temporarily limit Customer’s access to or use of the Products or any specific feature therein. 
Tenable may also suspend or limit access
to the Products if Customer fails to make any payments related to this Agreement. Tenable will, to 
the extent practical under the
circumstances, use commercially reasonable efforts to provide Customer with prior written notice of 
any such limitation (email or in
product messaging shall be sufficient). When commercially reasonable, Tenable shall promptly 
restore access once the Customer has
remediated the issue. For the avoidance of doubt, Customer is responsible for all normal fees 
during any period for which usage or
access is limited pursuant to this section.

(j) Additional Details on Use Restrictions for Tenable Security Network Ireland Limited. The 
following shall only apply for
transactions with Tenable Security Network Ireland Limited. Notwithstanding anything in Section 
4(c), decompiling the Product is
permitted to the extent the laws of Customer’s jurisdiction give Customer the right to do so to 
obtain information necessary to render
the Products interoperable with other software; provided, however, that Customer must first request 
such information from Tenable and
Tenable may, in its discretion, either provide such information to Customer or impose reasonable 
conditions, including a reasonable fee,
on such use of the Products to ensure that its proprietary rights in the Product are protected.

5. Support.

(a) Support Services. Tenable shall provide Customer with support services (the “Support 
Services”) in accordance with
Tenable’s then-current Technical Support Plans (available at 
http://static.tenable.com/prod_docs/tenable_slas.html or a successor
location) and consistent with Tenable’s End of Life and End of Sale definitions contained 
therein. The Support Services include bug
fixes, updates (including new vulnerability plug-ins), or enhancements that Tenable makes generally 
available to users of the Products.
The Support Services also include the provision of new minor (Example: 1.1.x to 1.2.x, etc.) and 
major version releases of the Products
(Example: 1.x to 2.x, etc.).

(b) Support Fees. Standard Support Services for Products licensed for a finite License Term will be 
provided at no additional
charge beyond the license fee for the duration of the License Term. Support Services for Products 
licensed on a perpetual basis must
be purchased separately in advance. In all cases, premium support may be purchased at an additional 
charge. If during the course of a
perpetual license Customer terminates or fails to renew the Support Services, Customer may, at any 
time during the term of this
Agreement, request that Tenable reinstate the Support Services provided that Customer pays for the 
lapsed Support Services in an
amount equal to the total fees Customer would have paid for the Support Services between the time 
Customer’s Support Services lapsed
and the then-current date.

6. Confidentiality.

(a) Definition. “Confidential Information” means information learned or disclosed by a Party 
under this Agreement that
should reasonably be assumed to be confidential or proprietary, including the Products and the 
terms of this Agreement. Confidential
Information will remain the property of the disclosing Party, and the receiving Party will not be 
deemed by virtue of this Agreement or
any access to the Confidential Information to have acquired any right, title or interest in or to 
the Confidential Information.

(b) Obligations. Each Party agrees to only use the Confidential Information in connection with this 
Agreement or a purchase
hereunder. The receiving Party agrees to hold the disclosing Party’s Confidential Information 
confidential using at least the same level
of protection against unauthorized disclosure or use as the receiving Party normally uses to 
protect its own information of a similar
character, but in no event less than a reasonable degree of care. Each Party may share Confidential 
Information with its Affiliates or
authorized contractors in the performance of its duties under this Agreement; provided, however, 
that each Party shall be responsible to
ensure that such Affiliate or authorized contractors are bound by obligations of confidentiality at 
least as stringent as those set forth in
this Agreement.

(c) Exclusions. Confidential Information shall not include information that: (i) is already known 
to the receiving Party free of
any confidentiality obligation; (ii) is or becomes publicly known through no wrongful act of the 
receiving Party; (iii) is rightfully
received by the receiving Party from a third party without any restriction or confidentiality; or 
(iv) is independently developed by the
receiving Party without reference to the Confidential Information. Confidential Information does 
not include Scan Data that has been
aggregated or anonymized so that it is not attributable to the disclosing Party. If Customer 
requests or performs scans on third party
Scan Targets, and such third party inquires with Tenable about the scan, Tenable shall inform 
Customer and allow Customer to resolve
any disputes with the third party. If Customer fails to contact the third party, Customer agrees 
that Tenable may provide Customer’s
business contact information to the owner of the Scan Targets as well as to relevant authorities, 
and such disclosure shall not be
considered a breach of confidentiality.

(d) Sensitive Information. The Parties agree that Customer’s disclosure of sensitive, personal 
information (e.g., social security
numbers, national identity card numbers, personal credit card information, racial or ethnic origin, 
political opinions, religious or
philosophical beliefs, trade union membership, genetic data, biometric data, and health care data) 
(“Sensitive Information”) is not
required for Tenable to perform its duties under this Agreement or sell any Products hereunder. If 
Customer inadvertently or
unintentionally discloses any Sensitive Information to Tenable, Customer shall identify to Tenable 
that it has disclosed Sensitive
Information and Tenable shall promptly return and/or destroy such Sensitive Information.

(e) Legal Disclosures; Remedies. The receiving Party may disclose Confidential Information if 
required to do so by law
provided the receiving Party shall promptly notify the disclosing Party so that the disclosing 
Party may seek any appropriate protective
order and/or take any other action to prevent or limit such disclosure. If required hereunder, the 
receiving Party shall furnish only that
portion of the Confidential Information disclosure of which is legally required. The receiving 
Party acknowledges and agrees that the
breach of any term, covenant or provision of this Agreement may cause irreparable harm to the 
disclosing Party and, accordingly, upon
the threatened or actual breach by the receiving Party of any term, covenant or provision of this 
Agreement, the disclosing Party shall
be entitled to seek injunctive relief, together with any other remedy available at law or in 
equity. The receiving Party will notify the
disclosing Party promptly of any unauthorized use or disclosure of the disclosing Party’s 
Confidential Information.

7. Representations and Warranties; Disclaimer.

(a) Warranty of Authority. The Parties hereby represent and warrant that they have the full power 
and authority to enter into
this Agreement.

(b) Products. Product warranties and associated warranty periods are set forth in the relevant 

(c) Antivirus Warranty. Tenable represents it has taken commercially reasonable efforts to ensure 
that the Products, at the
time of Delivery, are free from any known and undisclosed virus, worm, trap door, back door, timer, 
clock, counter or other limiting
routine, instruction or design that would erase data or programming or otherwise cause the Products 
to become inoperable or incapable
of being used in the manner for which it was designed or in accordance with the Documentation.


8. Limitation of Liability.

(a) Direct Damages. The cumulative liability of one Party to the other for all claims arising from 
or relating to the Products
or this Agreement (including without limitation, any cause of action sounding in contract, tort or 
strict liability) shall be limited to proven
direct damages in an amount not to exceed, in the aggregate, the fees paid by Customer for the 
Products over the twelve (12) months
immediately prior to the event giving rise to the claim.

(b) Indirect Damages. Neither Party shall be liable to the other for any indirect, incidental, 
special, punitive, consequential or
exemplary damages regardless of the nature of the claim. This prohibition on indirect damages shall 
include, but not be limited to, claims
based on lost profits, cost of delay, any failure of Delivery, business interruption, cost of lost 
or damaged data, or liabilities to any third
parties even if such Party is advised of the possibility thereof.

(c) Carve Outs. The liability caps set forth in Sections 8(a) and 8(b) shall not apply to damages 
resulting from:
  (i) personal injury or death;
  (ii) fraud or willful misconduct;
  (iii) indemnification obligations set forth in Section 9 (Indemnification); or
  (iv) Customer’s breach of Section 4(c) (Restrictions on Use).

(d) Limitations; Time Period. Each of the limitations set forth in this Section 8 shall be enforced 
to the fullest extent of the
law. Any laws preventing such limitations shall only apply to the extent required by law and the 
remaining unaffected terms shall apply
in full. Unless expressly prohibited by law, each Party shall have a period of no greater than 
twelve (12) months from the date the cause
of action accrues to bring a claim against the other Party for such cause of action.

9. Indemnification.

(a) Indemnification Obligations.
  (i) By Tenable. Tenable shall (at its sole cost and expense): (i) defend and/or settle on behalf 
of Customer (including
Customer’s officers, directors, employees, representatives and agents); and (ii) indemnify 
Customer for, any third party claims brought
against Customer based upon a claim that Customer’s use of the Products in accordance with this 
Agreement infringes or misappropriates
such third party’s intellectual property rights in a jurisdiction which is signatory to the Berne 
  (ii) By Customer. Customer shall (at its sole cost and expense): (i) defend and/or settle on 
behalf of Tenable (including
Tenable’s officers, directors, employees, representatives and agents) and (ii) indemnify Tenable 
for, any third party claims brought
against Tenable arising out of or relating to Customer’s use of the Products to perform Scans on 
third party Scan Targets, except to the
extent that any such claim or action is caused by a failure of the Products to materially comply 
with the Documentation.

(b) In Case of Infringement. If Customer’s use of the Products is, or in Tenable’s opinion is 
likely to be, the subject of an
infringement claim, Tenable may, in its sole discretion and expense: (i) modify or replace the 
infringing Products as necessary to avoid
infringement, provided that the replacement Products are substantially similar in functionality; 
(ii) procure the right for Customer to
continue using the infringing Products; or (iii) terminate this Agreement and, upon Customer’s 
return or certified destruction of the
infringing Product, provide Customer a pro-rata refund calculated as follows: (x) for infringing 
Products licensed on a subscription
basis, the refund shall consist of any prepaid but unused fees for the remainder of the applicable 
License Term; or (y) for infringing
Software licensed on a perpetual basis or infringing Hardware, the refund shall consist of a 
straight line depreciation of the license fee
based on a three (3) year useful life as well as any prepaid but unused fees for separately charged 
Support Services. This Section 9 sets
forth Tenable’s sole and exclusive liability and Customer’s sole and exclusive remedy with 
respect to any claim of intellectual property

(c) Exclusions. Tenable shall have no liability with respect to a third party intellectual property 
infringement claim arising out
of: (i) modifications of the Product made by Customer or a party under its control to conform with 
Customer’s specifications; (ii)
modifications of the Product made by anyone other than Tenable or a Tenable authorized third party; 
(iii) Customer’s use of the Product
in combination with other products or services not provided by Tenable; (iv) Customer’s failure 
to use any updated versions of the
Product made available by Tenable; or (v) Customer’s use of the Product in a manner not permitted 
by this Agreement or otherwise not
in accordance with the Documentation.

(d) Requirements. The indemnitor shall only be responsible for the indemnification obligations set 
forth in this Section 9 if
the indemnitee: (i) provides the indemnitor prompt written notice of such action or claim; (ii) 
gives the indemnitor the right to control
and direct the investigation, defense, and/or settlement of such action or claim; (iii) reasonably 
cooperates with the indemnitor in the
defense of such a claim (at the indemnitor’s expense); and (iv) is not in breach of this 
Agreement. Nothing herein shall prevent the
indemnitee from engaging in defense of any such claim with its own legal representation, provided 
that this does not materially prejudice
the indemnitor’s defense. The indemnitor may not settle any claim on behalf of the indemnitee 
without obtaining the indemnitee’s prior
written consent; provided, however, the indemnitor shall not be required to obtain consent to 
settle a claim which settlement consists
solely of: (x) discontinued use of infringing Products and/or (y) the payment of money for which 
the indemnitor has a duty to indemnify.

10. Legal Compliance.

(a) Generally. The Products are intended solely for lawful purposes and use. Both Parties, and 
their agents and Affiliates,
agree to perform their respective obligations in an ethical manner that complies with all 
applicable national, federal, state and local laws,
statutes, ordinances, regulations and codes (“Applicable Laws”) including, without limitation, 
the Computer Fraud and Abuse Act
(CFAA), 18 USC Sec. 1030, the U.S. Foreign Corrupt Practices Act of 1977, as amended, and the UK 
Bribery Act of 2010. If Customer
violates this Section 10, Tenable may terminate this Agreement immediately.

(b) Trade Controls. Applicable Laws include U.S. export laws (including the International Traffic 
in Arms Regulation (ITAR),
22 CFR 120-130, and the Export Administration Regulation (EAR), 15 CFR Parts 730 et seq.) and the 
anti-boycott rules implemented
by the Departments of Commerce and Treasury. Information regarding export classifications of 
Tenable’s Products may be found on
its website (www.tenable.com/export-controls or a successor location). Customer agrees that it will 
be the exporter of record any time
it causes the Products to be accessed outside the United States or by a national of any country 
other than the United States. The Parties
further agree to comply with trade and economic sanctions, rules, and regulations of the United 
States, European Union, EU member
states, United Kingdom and other applicable government authorities and shall not engage in 
prohibited trade to persons or entities who
are the subject of an active sanction, embargo, or executive order. Customer hereby acknowledges 
and confirms that Customer
(including Customer’s officers, directors, employees, representatives and agents): (i) is not 
included on, owned or controlled by an
individual or entity included on, or acting on behalf of an individual or entity included on any of 
the restricted party lists maintained by
the U.S. Government (e.g., Specially Designated Nationals List, Foreign Sanctions Evader List, 
Sectoral Sanctions Identification List,
Denied Persons List, Unverified List, Entity List or List of Statutorily Debarred Parties) 
(collectively, “Restricted Parties”); (ii) will not
export, re-export, transfer, re-transfer or otherwise ship, directly or indirectly, the Products or 
related technology to or for use by or for
Restricted Parties; (iii) will not export, re-export, transfer, re-transfer or otherwise ship, 
directly or indirectly, the Products or related
technology to or for use in, by or for countries or territories subject to U.S. economic sanctions 
(e.g., Crimea, Cuba, Iran, North Korea,
or Syria); or (iv) will not use or sell the Products for nuclear end-uses, rocket systems, unmanned 
air vehicles, chemical or biological
weapons, maritime nuclear propulsion, weapons of mass destruction or other restricted end-uses 
except to the extent consistent with
Trade Control Laws.

(c) Data Processing Addendum. To the extent applicable, if Tenable is processing personal 
information on behalf of Customer
under any applicable data protection law (e.g., the European Union’s General Data Protection 
Regulation 2016/679), then such
processing shall be in accordance with Tenable’s Data Processing Addendum located at
http://static.tenable.com/prod_docs/tenable_slas.html (or a successor location).

11. Governing Law; Venue.

(a) For transactions with Tenable, Inc. and Tenable Public Sector LLC, this Agreement shall be 
governed in all respects by
the laws of the State of Delaware, USA, without regard to choice-of-law rules or principles. The 
Parties agree that: (i) no aspect or
provision of the Uniform Computer Information Transactions Act shall apply to this Agreement; and 
(ii) this Agreement shall not be
governed by the U.N. Convention on Contracts for the International Sale of Goods. The Parties 
hereby submit to the exclusive
jurisdiction of the courts of Howard County, Maryland, and the United States District Court for 
Maryland, Baltimore Division, for any
question or dispute arising out of or relating to this Agreement. Due to the high costs and time 
involved in commercial litigation before
a jury, the Parties waive all right to a jury trial with respect to any issues in any action or 
proceeding arising out of or related to this

(b) For transactions with Tenable Network Security Ireland Limited, this Agreement and any issues, 
disputes or claims arising
out of or in connection with it (whether contractual or non-contractual in nature such as claims in 
tort, from breach of statute or regulation
or otherwise) (“Disputes”) shall be governed by, and construed in accordance with, the laws of 
Ireland. Customer expressly agrees with
Tenable that this Agreement shall not be governed by the U.N. Convention on Contracts for the 
International Sale of Goods, the
application of which is expressly excluded. All Disputes arising out of or relating to this 
Agreement shall be subject to arbitration within
the meaning of the Arbitration Act 2010 or any legislation amending or repealing that act and shall 
be an arbitration conducted in Dublin,
Ireland in the English language and shall be governed by the Arbitration Act 2010. Notwithstanding 
the foregoing, nothing in this
Agreement shall limit the right of either Party to seek any injunctive, equitable or other 
interlocutory relief as it may be entitled to in the
Courts of Ireland.

12. Other Legal Clauses.

(a) Third Parties. Customer may permit a third party (“Customer’s Agent”) to use the Products 
to perform security services
for and on behalf of Customer but solely for Customer’s benefit and solely for Customer’s 
internal business purposes. Customer shall
be fully responsible for Customer’s Agent’s use of the Products, including liability for any 
breach of this Agreement or use beyond the
licensed quantities set forth in the Ordering Document. If Customer elects to utilize a 
Customer’s Agent to perform Scans on its behalf,
then only Customer’s Agent (and not Customer) will be permitted to contact Tenable Support 
Services. Tenable shall have the right to
withdraw its consent to the use of any Customer’s Agent in its reasonable discretion.

(b) Notices. Any legal notices or other communication pursuant to this Agreement must be in 
writing, in English, and will be
deemed to have been duly given when delivered if delivered personally or sent by recognized 
overnight express courier. All notices to
Tenable must be sent to the address described in this Agreement to the attention of the Legal 
Department (unless otherwise specified by
Tenable). All notices Tenable sends to Customer shall be at the physical address referenced in this 
Agreement (or otherwise provided
to Tenable). Tenable may provide notices with regard to Products via the email address Customer 
provided during Product registration
and Customer hereby consents to receive such communications from Tenable in an electronic form.

(c) Assignment. Neither Party may assign or otherwise transfer this Agreement without the other 
Party’s prior written consent,
which will not be unreasonably withheld; provided, however, either Party may transfer this 
Agreement to an Affiliate or in connection
with a merger or sale of all (or substantially all) of the stock or other ownership units of such 
Party. Customer must complete Tenable’s
License Assignment Request Form (to be provided upon request) in order to complete assignment of 
this Agreement.

(d) Force Majeure. With the exception of payment, neither Party shall be liable for any loss or 
delay (including failure to meet
the service level commitment) resulting from any force majeure event, including, but not limited 
to, acts of God, fire, natural disaster,
terrorism, labor stoppage, Internet service provider failures or delays, civil unrest, war or 
military hostilities, or criminal acts of third
parties, and any Delivery date shall be extended to the extent of any resulting delay.

(e) Language. The language of this Agreement is English and all invoices and other documents given 
under this Agreement
must be in English to be effective. No translation, if any, of this Agreement or any notice will be 
of any effect in the interpretation of
this Agreement or in determining the intent of the parties. The Parties have expressly agreed that 
all invoices and related documents be
drafted in English. The following shall apply solely for Agreements which are under French Canadian 
jurisdiction: C’est la volonté
expresse des parties que la presente convention ainsi que les documents qui s’y rattacent soient 
rediges en anglais.

13. Evaluations and NFR Licenses.

(a) Evaluations. If Customer wants to conduct an evaluation, proof of value or other similar trial 
of Tenable Products
(“Evaluation Products”), Tenable may (in its sole discretion) provide evaluation licenses for 
such Evaluation Products in accordance
with the following: (i) Customer shall have no obligation to make payment for such Evaluation 
Product for such evaluation usage; (ii)
the license term will expire at the end of the agreed-upon evaluation period, at which time 
Customer must either return or destroy the
Software and cease access to the Hosted Services; and (iii) Tenable shall have no obligation to 
provide Support Services.
Notwithstanding the foregoing, to facilitate a transition from an evaluation to a paid 
subscription, in certain cases Tenable may allow
Customer to continue to use containers (or otherwise migrate data) generated during an evaluation 
period. Customers may not use the
Evaluation Products to scan third party Scan Targets or provide a service to Customer’s clients.

(b) Container Access. Customer acknowledges that a Tenable employee may request access to the 
Evaluation Products in
the Customer environment (which may occur in a production container) in order to maximize the 
effectiveness of the Evaluation
Products and to set up certain configurations, and this may be done without the Customer being 
present but will be subject to prior
written consent from Customer.

(c) Early Access. Tenable may make some versions of Products available to Customer on an alpha, 
beta, or early access
basis (each, an “Early Access Product”). Customer’s access to the Early Access Product may be 
discontinued at any time. Early
Access Products remain subject to all applicable license restrictions. Tenable may not offer 
Support Services for Early Access
Products. No warranty or service level commitment made under this Agreement will apply to Early 
Access Products.

(d) Technology Partners. Tenable in its sole discretion may allow Customers who are technology 
partners (a “Technology
Partner”) to obtain an Evaluation license and use such evaluation license to create an 
interoperability (“Interoperability”) between
Tenable Products and their own products. At the conclusion of the Evaluation Term, Customer may 
apply for an NFR license at which
time Tenable may convert the Evaluation license to an NFR license. Tenable’s conversion to an NFR 
license shall be at Tenable’s sole
discretion and may require Interoperability validation by Tenable.

(e) NFR. If Customer is a sales partner or Technology Partner to whom a “Not For Resale” or 
“NFR” license has been granted,
Customer’s license to the Product will commence upon Delivery and continue for a period of one 
year (unless the Ordering Document
sets forth a different term) and shall automatically renew for consecutive one (1) year terms 
unless either Party provides the other Party
with written notice of its non-renewal of the NFR license at least thirty (30) days before the 
expiration of the then-current term.
Notwithstanding the foregoing, Tenable may terminate Customer’s NFR license for its convenience 
upon thirty (30) days’ notice, or
immediately should Customer breach any obligations under this Agreement.

(f) NFR Customer Prohibitions. Customer shall not purport to take on any obligation or 
responsibility, or make any
representations, warranties, guarantees or endorsements to anyone on behalf of Tenable, including 
without limitation, relating to Tenable
products, software, or services. Except as specifically permitted in this Agreement, Customer shall 
not state or imply that any of
Customer’s products have been endorsed, reviewed, certified or otherwise approved by Tenable. 
Customer may not use Products
provided under an NFR license: (i) in a production environment, (ii) to protect its own networks, 
(iii) as part of a service provided to its
customers, or (iv) to perform customer evaluations.

(g) NFR Customer Representations. Customer hereby represent and warrant to Tenable that: (i) 
Customer will not intentionally
harm the reputation or goodwill of Tenable through any act or omission, and (ii) Customer have used 
commercially reasonable efforts
to ensure that any software, code, algorithm, API, etc., transferred to Tenable is free from any 
time bomb, virus, drop dead device,
worm, Trojan horse, or trap door that is designed to delete, disable, deactivate, interfere with, 
or otherwise harm hardware, data, or other
programs or that is intended to provide access or produce modifications not authorized by Tenable.

(h) NFR Customer Responsibilities. Customer shall, at its sole cost and expense, defend (or at its 
option, settle) and indemnify
Tenable and Tenable’s subsidiaries and affiliates, and their officers, directors, employees, 
representatives and agents, from and against
any and all third party claims brought against Tenable based upon a claim that use of Customer’s 
software or Customer’s product in
accordance with this Agreement infringes such third party’s patent, copyright or trademark or 
misappropriates any trade secret, and shall
pay all settlements entered into and damages awarded to the extent based on such claim or action.

14. General.

This Agreement constitutes the entire agreement between the Parties, and supersedes all other prior 
or contemporaneous
communications between the Parties (whether written or oral) relating to the subject matter of this 
Agreement. No Customer document,
purchase order, request for proposal, or other specifications requirement shall modify, supersede, 
or become part of this Agreement, or
otherwise contractually bind Tenable unless signed by Tenable. The provisions of this Agreement 
will be deemed severable, and the
unenforceability of any one or more provisions will not affect the enforceability of any other 
provisions. If any provision of this
Agreement, for any reason, is declared to be unenforceable, the Parties will substitute an 
enforceable provision that, to the maximum
extent possible under applicable law, preserves the original intentions and economic positions of 
the Parties. Section headings are for
convenience only and shall not be considered in the interpretation of this Agreement. Customer 
agrees that Tenable may use Customer’s
name or logo in a customer list. Customer may not use Tenable’s name or logo without prior 
written consent and in accordance with
Tenable’s guidelines. No failure or delay by a Party in exercising any right, power or remedy 
will operate as a waiver of that right,
power or remedy, and no waiver will be effective unless it is in writing and signed by the waiving 
Party. If a Party waives any right,
power or remedy, the waiver will not waive any successive or other right, power or remedy the Party 
may have under this Agreement.
The Parties are independent contractors and this Agreement will not establish any relationship of 
partnership, joint venture, employment,
franchise or agency between the Parties. Nothing in this Agreement shall prevent Tenable from 
subcontracting any of its obligations
hereunder; provided, however, that Tenable’s use of a subcontractor shall not release Tenable 
from any duty or liability to fulfill its
obligations under this Agreement and Tenable shall be liable for any act or omission of a 
subcontractor to the same extent as if the act
or omission had been made by Tenable. This Agreement is not intended nor will it be interpreted to 
confer any benefit, right or privilege
in any person or entity not a party to this Agreement. Any party who is not a party to this 
Agreement has no right under any law to
enforce any term of this Agreement. Any provision of this Agreement that imposes or contemplates 
continuing obligations on a Party
and any section which by its nature is intended to survive will survive the expiration or 
termination of this Agreement, including Sections
3, 4, 6, 8, 9 and 11.

15. Government Entities. This Section 15 shall only apply to Government Customers, as defined 

If Customer is an agency or instrumentality of a sovereign government (a “Government 
Customer”), all Government Customer
end users acquire the rights to use and/or access the Products and or Services with only those 
rights set forth herein (consistent with 48
C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4). The terms and conditions of this 
Agreement govern Government
Customer’s use and disclosure of the Products and supersede any conflicting terms and conditions 
that may be applicable through the
Government Customer’s procurement regulations. If this Agreement fails to meet the Government 
Customer’s needs or is inconsistent
in any way with federal law, the government must return the Product, unused, to Tenable. If 
Customer is prohibited by law, regulation,
or relevant attorney general opinion from agreeing to any clause of this Agreement (collectively, 
“Restrictions”), the Agreement shall
be modified to the extent required under such Restrictions. Each of the components that constitute 
the Product is a “commercial item”
as that term is defined at 48 C.F.R. 2.101, consisting of “commercial computer software” and/or 
“commercial computer software
documentation” as such terms are used in 48 C.F.R. 12.212.


This Schedule for Tenable Software is subject to and made part of the Agreement.

1. General. This Schedule governs Customer’s license of Software.

2. License; Right to Use. Subject to the terms of the Agreement and payment of the applicable 
license fees, Tenable grants
Customer for the duration of the License Term a non-exclusive, non-transferable, non-sublicensable 
license to use the Software
(in object code form only) solely for Customer’s or Customer’s Affiliates own internal business 
purposes. Customer’s right to
install such Software is limited to use with the computers or machines for which the Software is 
registered for use. Customer
is permitted to make one copy of the Software for backup or archival purposes.

3. Warranty. Tenable warrants that the Software shall materially conform to the Documentation for a 
period of thirty (30) days
after Delivery. Customer’s sole and exclusive remedy for breach of this warranty shall be for 
Tenable to, at its sole option: (i)
use commercially reasonable efforts to modify or correct the Software such that in all material 
respects it conforms to the
functionality described in the Documentation; or (ii) if Tenable is unable to restore such 
functionality within sixty (60) days,
Customer shall be entitled to a refund for the non-conforming Software.

4. Open Source and Third Party Software. Any code or other intellectual property included as part 
of the Software that was
licensed to Tenable by third parties that is not marked as copyrighted by Tenable is subject to 
other license terms that are
specified in the Documentation available on Tenable’s website at 
https://docs.tenable.com/licensedeclarations/ (or a successor
location). Customer agrees to be bound by such other license terms.

5. Compliance Rights. Tenable may, by itself or through an independent third party, review 
Customer’s usage of the Software to
confirm compliance with this Agreement or the applicable Ordering Document. Tenable shall: (i) 
provide Customer with
reasonable advance notice of the review; (ii) not request such review more than once per year; and 
(iii) not unreasonably
interfere with Customer’s business activities when conducting the review.


This Schedule for Tenable Hosted Services is subject to and made part of the Agreement.

1. General. This Schedule governs Customer’s use of the Hosted Services.

2. License; Right to Use. Subject to the terms of the Agreement and payment of the applicable 
license fees, Tenable grants
Customer for the duration of the License Term a non-exclusive, non-transferable, non-sublicensable 
right to access the Hosted
Environment and use those modules of the Hosted Services set forth on a valid Ordering Document 
solely for Customer’s or
Customer’s Affiliates own internal business purposes.

3. Warranty. Tenable warrants that the Hosted Services will materially comply with the 
functionality described in the
Documentation. Customer’s sole and exclusive remedy for breach of this warranty shall be for 
Tenable to use commercially
reasonable efforts to modify the Hosted Services to provide in all material respects the 
functionality described in the
Documentation. If Tenable is unable to restore such functionality within sixty (60) days, Customer 
shall be entitled to terminate
the Agreement and receive a pro-rata refund of any prepaid but unused fees for the nonconforming 
Hosted Services. Tenable
shall have no obligation with respect to a warranty claim hereunder unless Customer notifies 
Tenable of such claim within
thirty (30) days of the date the underlying condition first arose. This warranty shall only apply 
if the applicable Hosted Service
has been utilized in accordance with the Agreement and the Documentation.

4. Acknowledgements. By initiating a Scan, Customer authorizes Tenable to access the Scan Targets 
in the context of the Scans.
Customer understands and acknowledges that the Scans may originate or appear to originate from a 
Tenable URL which could
cause Customer (or the owner of the Scan Targets) to believe they are under attack. Customer agrees 
not to pursue any claims
against Tenable as a result of any access to Scan Targets when such access was made in connection 
with an authorized Scan
unless such a claim is based on the gross negligence or willful misconduct of Tenable.

5. Usage Requirements. Customer must provide current and accurate information in all submissions 
made in connection with the
Hosted Services, including registration information and the location of the Scan Targets to be 
Scanned. Tenable may, in its
reasonable discretion, prohibit or suspend access of certain users of the Hosted Services. In the 
event Tenable suspects or
anticipates such suspension, Tenable will, to the extent practical under the circumstances, use 
commercially reasonable efforts
to provide Customer with prior written notice of the suspension and an opportunity to cure the 
issue prior to (and in avoidance
of) suspension. Customer acknowledges that under certain circumstances such prior notice and/or 
cure period may not be
possible or practical. Customer agrees to safeguard and maintain the confidentiality of all user 
names and passwords. Customer
further agrees to use best efforts to ensure that no unauthorized parties have access to the Hosted 
Services through Customer’s
account and/or log-in credentials. Customer will promptly notify Tenable of any unauthorized access 
of which Customer is
aware or reasonably suspects. Customer is responsible for compliance with this Agreement and all 
use of the Hosted Services
through Customer’s account.

6. PCI Scans. Tenable makes no guarantee that a successful completion of a PCI Scan will make 
Customer compliant with the
Payment Card Industry Data Security Standard.

7. Data Retention Policy. Customer has the option to select the duration of the data retention 
period of Scan Data in the Hosted
Environment in accordance with the limitations described in the Documentation. Customer 
acknowledges that Tenable is in
no way responsible for any of Customer’s data retention compliance requirements. Tenable’s data 
retention policy with respect
to PCI Scans will match then-current requirements set forth by the PCI Security Standards Council.

8. Service Level Agreement. Tenable commits to make access to the Hosted Environment available in 
accordance with Tenable’s
then-current service level agreement, available at 
http://static.tenable.com/prod_docs/Service_Level_Agreement.pdf (or a
successor location).


This Schedule for Tenable Professional Services is subject to and made part of the Agreement.

1. General. The Parties may agree, from time to time, on the purchase and sale of Tenable 
Professional Services, which may be
further described in a separate SOW or Services Brief. Except as otherwise agreed to by the Parties 
in writing, all Services
Briefs or SOWs will be governed by this Agreement. In the event of inconsistency between the 
Agreement and a signed SOW,
the signed SOW shall govern.

2. Type of Services. Tenable offers a range of Professional Services; provided, however, unless 
otherwise agreed upon in writing,
Tenable does not offer creation of custom intellectual property. Tenable is not obligated to 
provide any Professional Services
except as mutually agreed in a Services Brief or SOW.

3. Deliverables. “Deliverable(s)” means the reports, analysis, codes, scripts, slides, 
documents, examples and other written
materials or work results provided as part of the Professional Services.

4. Intellectual Property Rights.

(a) Grant of License in Deliverables. Tenable grants Customer a non-exclusive, non-transferable, 
irrevocable (except in case of
breach of the Agreement or SOW) perpetual right to use, copy and create derivative works from the 
Deliverables (without the
right to sublicense) for Customer’s or Customer’s Affiliates internal business operations, as 
contemplated by the applicable
SOW or Services Brief.
(b) Reservation of Rights. Except for the rights expressly granted herein to Customer, Tenable 
expressly reserve all other rights
in and to the Professional Services and Deliverables. Notwithstanding anything to the contrary in 
this Schedule, nothing shall
prevent Tenable from providing similar Professional Services to other customers and nothing in this 
Schedule shall be construed
to provide any intellectual property rights whatsoever in the Products (or any modifications or 
enhancements thereto) that
Tenable develops or makes generally available for sale to its customers.
(c) Pre-Existing Materials. Any pre-existing materials, proprietary item or intellectual property 
rights of either Party which is
disclosed or used in performing the Professional Services shall remain fully vested in such Party. 
Nothing in this Schedule
shall transfer any rights whatsoever in Tenable’s Products. Customer hereby grants to Tenable the 
intellectual property rights
(if any) required for Tenable to perform the Professional Services.

5. Warranty. Tenable warrants that all Professional Services shall be performed in a professional 
manner and in accordance with
industry standards. Tenable further warrants for a period of ten (10) days from the service 
completion date that the Professional
Services shall materially conform to the applicable SOW or Services Brief. If Customer provides 
written notice of a nonconformity
during this warranty period, Tenable shall promptly confirm the non-conformity and upon 
confirmation, Tenable’s
entire liability and Customer’s exclusive remedy shall be for Tenable to use commercially 
reasonable efforts to re-perform the
Professional Services within a reasonable amount of time. If Tenable is unable to re-perform the 
Professional Services, then
Tenable may elect to refund amounts paid by Customer for the non-conforming Professional Services.

6. Scheduling; Cancellation. Professional Services must be scheduled within nine (9) months of the 
date of the Ordering
Document under which such Professional Services were purchased and completed within twelve (12) 
months of the Ordering
Document. If Customer does not schedule the Professional Services within this time frame, Tenable 
shall have no obligation
to perform the Professional Services or provide a refund. Tenable shall have no obligation to 
perform the Professional Services
or provide a refund if Customer or Customer’s designated attendees do not attend a scheduled 
training session or cancel a
Professional Services engagement without providing proper notice. Customer must provide Tenable at 
least five (5) business
days’ notice to reschedule any Professional Services. Tenable reserves the right, directly or 
through a Reseller, to invoice
Customer monthly for travel expenses incurred in the prior month.

7. Customer Responsibilities. For Professional Services occurring on Customer’s site, Tenable 
agrees to comply with applicable
and reasonable security procedures provided Customer provides Tenable with such written procedures 
in advance. Some of
the Professional Services may require Customer to have specialized knowledge or meet particular 
software or hardware
requirements (for example, appropriate computers or appliances, stable Internet connection or 
up-to-date web browsers or
operating system, etc.). If technical issues arise during the Professional Services, Tenable will 
use commercially reasonable
efforts to resolve such issues, but will have no liability based on Customer’s failure to meet 
technical requirements. Tenable
will not provide any refund based on Customer’s failure to meet these prerequisites.

8. Changes. Either Party may request that a change be made to the Professional Services. Tenable 
reserves the right to charge a
fee for any material changes to the Professional Services. No changes shall be binding unless 
executed by both Parties.

9. Non-Solicitation. During the term that Professional Services are being provided and for a period 
of one (1) year after their
completion, Customer will not, either directly or indirectly, solicit for employment any person 
employed by Tenable or any of
its Affiliates that have provided Customer Professional Services under this Agreement. For the 
avoidance of doubt, this
restriction shall not prevent Customer from hiring based on a response to Customer’s advertising 
in good faith to the general
public a position or vacancy to which an employee or worker of Tenable responds, provided that no 
such advertisement shall
be intended to specifically target Tenable personnel.

Tenable Confidential and Proprietary                     Tenable Master Agreement v.6 2.2023

Thank you!