Skip to Content

Ongoing Enablement Description - FedRAMP

ReliaQuest's Security Operations Platform – GreyMatter – is powered by Ongoing Enablement. Ongoing Enablement is the security expertise and codified best practices delivered by ReliaQuest personnel through GreyMatter to achieve Customer outcomes. This Ongoing Enablement Description is limited to those ReliaQuest customers who have purchased a subscription to the FedRAMP-authorized version of GreyMatter pursuant to an Order. To the extent included in the scope of an Order, the Ongoing Enablement delivered to Customer may include:

1. Implementation

ReliaQuest will assign an implementation specialist who is responsible for managing the implementation process. The implementation process is done remotely and starts with a kickoff call with the Customer. The following will be delivered during implementation:

  • Setup of site-to-site VPN and/or API integration of GreyMatter
    • ReliaQuest is authorized to use Third Party Platform Providers to support or enable the ReliaQuest Platform.
  • Workflow configuration to include data flows, communication mapping, and change management
  • Configuration of GreyMatter for Customer environment:
    • Modification of parsing and field mapping for GreyMatter Sources (direct and/or indirect connection)
    • GreyMatter Detect and tuning of ReliaQuest Labeled Content
    • GreyMatter Health for applicable Storage Technologies (SIEM, Data Lake, etc.)
    • GreyMatter Intel for threat intelligence integration

2. Customer Success Manager

The Customer Success Manager is responsible for ensuring customer success. The Customer Success Manager will provide the following:

  • Develop and maintain the Customer Roadmap
  • Coordinate and deliver reporting and analytics including quarterly or periodic executive business reviews
  • Communicate with pertinent teams for GreyMatter enhancement and feature requests
  • Partner with Customer teams to ensure GreyMatter is being fully utilized to optimize overall security posture to attain positive business outcomes

3. ReliaQuest Supported Sources

A ReliaQuest Supported Source is any technology that GreyMatter connects to, either directly or indirectly, to deliver its capabilities. If the connection is indirect, a supported storage tool is required. GreyMatter's capabilities depend on the supported Source and the connection type:

  • Direct Source (Direct Connection): GreyMatter connects directly to the source technology via API, enabling real-time data retrieval and potential response actions.
  • Indirect Source (Indirect Connection): GreyMatter accesses the source's data through a supported storage solution (such as a SIEM or Data Lake). The data is first collected and stored in the storage solution before GreyMatter retrieves it.
    • Security tools that send their data to Storage Technologies often are referred to as log source technologies
    • Log Source Technologies contribute to the capacity, volume or other metric (e.g., EPS, GBS, SVC) utilized in the Storage Technology

4. GreyMatter Health Support

  • GreyMatter Health is utilized to monitor the performance of applicable Sources and Storage Technologies, including:
    • Identifying detected outages and the source of the problem
    • Health support for cloud-based technologies has limitations attributable to the level of access provided by the hosting provider
  • Health support will vary based on the technology provider, the following is included:
    • Monitoring source device feeds to ensure that events are being received and parsed correctly
    • Monitoring of Core Components to ensure event receipt, processing, and forwarding are being performed correctly
    • Monitoring of system performance to ensure normal utilization ranges
    • Consult on patching, software updates, maintenance, performance tuning, and troubleshooting for any Core Components (to the extent applicable and as agreed upon by the parties)
    • Review and recommend event filtering of data collection as needed or applicable
    • ReliaQuest will utilize parsers for Indirect Sources (Log Source Technologies) supported by the applicable Storage Technology (SIEM, Data Lake, etc.) using the methodology provided or defined by the OEM of such Storage Technology.

5. GreyMatter Detect

GreyMatter Detect centralizes management of ReliaQuest Labeled Content, with transparent visibility into detection logic and deployment status. All detection logic is deployed remotely via API by connecting to a Storage Technology, directly at the Source, or a combination of both. The following will be delivered as part of the Ongoing Enablement:

5.1. Rule Tuning

  • After implementation, ongoing tuning will be performed "on demand" to support the Customer's environment
  • Tuning may be performed by the Customer directly in GreyMatter or requested by the Customer by contacting a Customer Success Manager, the Security Operations Center, or through the RQ Portal
  • Rule tuning is limited to the ReliaQuest Labeled Content

5.2. Detection

The detection deployment cadence is determined based on the Customer's Sources and priorities including:

  • Continual updates and tuning of existing ReliaQuest Labeled Content
  • Newly developed Content as applicable
  • Customer requirements (i.e., lists, reference sets, or other Customer context) must be available at least thirty (30) days prior to next release window to allow for necessary tuning periods. Customer requirements that are not provided within that timeframe will be scheduled for the next release cycle.
  • For storage solutions, Indirect Sources (Log Sources Technologies) must be available in the SIEM/Data Lake environment at the appropriate logging levels at least thirty (30) days prior to next release window for ReliaQuest to verify readiness and perform the necessary parsing. Any Log Source Technologies that are not in the environment at the appropriate logging levels within that timeframe will be scheduled for integration at the next release cycle.

5.3. Emergency Content

The purpose of Emergency Content is to provide immediate coverage for high-risk malware outbreaks such as WannaCry, NonPetya, etc., until anti-virus and malware vendors respond with appropriate signatures. As part of this coverage, Customer will have pre-defined rules created which will reference a centrally provisioned set of indicators of compromise (associated malicious IPs, domains, hashes, or signatures) which are pulled hourly from GreyMatter Intel. These are generic detections that allow ReliaQuest to upload IPs, domains, hashes as needed. Deployment of Emergency Content is at the sole discretion of ReliaQuest; however, the following general guidelines apply:

  • The exploit or malware campaign propagates unabated (e.g., WannaCry)
  • The impacts to Customer present an extreme or critical risk
  • The exploit or campaign applies to the majority of ReliaQuest's other customers
  • The campaign has gained the attention of the press at the national level

6. Incident Analysis and Response

ReliaQuest will provide alert triage and qualification which will include:

  • Providing context for a triggered alert that can be gained from data within GreyMatter
  • Providing feedback to the Customer team for Source or Content tuning
  • Escalating all potential true-positive alerts from ReliaQuest Labeled Content to Customer teams per configured escalation paths
  • ReliaQuest will have the ability to leverage production "playbooks" within the GreyMatter Respond capability for automation of enrichment, containment, and remediation actions

Ongoing enablement does not include ReliaQuest performing any of the below:

  • Taking any potentially destructive response actions such as wipe/reimage of a machine or device, forensic capture to a legal standard, advanced techniques such as advanced malware reversing (disassembly) or encryption/hash cracking, etc.

6.1. Threat Hunting

GreyMatter Hunt allows the Customer and ReliaQuest to perform threat hunting campaigns to identify threats and/or anomalous activity, limited to the scope in the Order, including:

  • ReliaQuest will proactively perform threat hunting campaigns leveraging GreyMatter, in response to high risk and/or visibility threats or attacks, as determined by ReliaQuest in its sole discretion. Examples of high risk or visibility attacks include WannaCry, Solarwinds, Kaseya, etc.
  • Hunt campaigns will identify any known threats or anomalous activity in the Customer's environment up to ninety (90) days prior to the date the campaign was conducted.
  • Threat hunting will be conducted autonomously by ReliaQuest when applicable, based on the industry vertical, profile of targeted organization, and technology footprint of the customer.
  • ReliaQuest shall notify Customer within a reasonable period of time if ReliaQuest believes that it has identified a threat within Customer's environment as a result of a threat hunting campaign.

7. Customer Responsibilities

Customer responsibilities are outlined in the following section:

7.1. Connectivity

  • Customer will create a ReliaQuest API token for health monitoring for applicable Storage Technologies.
  • Customer agrees to set up policy-based Site-to-Site Virtual Private Networking (VPN) tunnels to ensure proper routing between ReliaQuest and Customer.
    • Policy based VPNs ensure that traffic is routed to the proper customer tunnel by eliminating IP conflicts.
    • By leveraging Network Address Translation (NAT), ReliaQuest can use a unique source for each customer which ensures a unique encryption domain regardless of the destination. Every major firewall manufacturer supports at least interoperability with policy-based VPN devices.
  • On premise systems in scope will be directly accessible via the mutual site to site VPN.
  • Customer will provide timely support in troubleshooting issues with connectivity to include opening the necessary ports on their firewalls to enable traffic.
  • Customer will communicate in advance to ReliaQuest, any change to the IP, Port, Hostname, parameters of the Site-to-Site VPN, or changes to any other technology in scope of the Order, or necessary for connecting to the technologies in scope of the Order, to ensure the delivery of the Ongoing Enablement activities are not substantively impacted.

7.2. Access

  • ReliaQuest will have access to Customer's GreyMatter instance to perform the actions outlined in the Ongoing Enablement Description.
  • ReliaQuest will not have direct access to any of the technologies with the Customer's environment, and Customer is responsible for taking all necessary or appropriate actions outside GreyMatter.
  • Customer will provide any additional access required to facilitate GreyMatter interaction.

7.3. Customer Response

If the Customer does not provide feedback/closure communication within fifteen (15) days of an alert firing, ReliaQuest reserves the right to transition that rule into a tuning state. This means if there is no feedback or response from Customer around alerts escalated, ReliaQuest can move a rule into tuning.

7.4. GreyMatter Direct Sources

Customer is responsible for meeting the following requirements for GreyMatter Direct Sources to ensure proper functionality and support:

  • Must be deployed and fully operational prior to engagement.
  • Must be on a version supported by GreyMatter for compatibility.
  • Customers must maintain active support and maintenance agreements.
  • Customers must permit ReliaQuest to configure the technology to run various maintenance tasks on the hosts, including but not limited to cron jobs, scheduled tasks, and PowerShell commands.
  • Customers must collaborate with ReliaQuest to provide access to applicable Sources.
  • Customers are responsible for addressing any core technology issues (e.g., OEM bugs) and working with the OEM to remediate them.

7.5. Automation Right

Customer acknowledges and agrees that ReliaQuest reserves the right to Automate, in whole or in part, any of the Ongoing Enablement activities or GreyMatter features or functionalities, including, but not limited to, automatic retrieval and temporary storage of data. Customer further acknowledges and agrees that, in connection with the provision of the Ongoing Enablement and the ReliaQuest Platform, ReliaQuest may collect and analyze Customer's data using Automated processing techniques and/or manual (human) review to develop, train, produce, and enhance the automation and analytics models, features, and functionalities of the ReliaQuest Platform. To the extent ReliaQuest holds, stores, or processes any of Customer's data, such data shall be held in accordance with the requirements as specified in the Order.

7.6. Modification of ReliaQuest Content

ReliaQuest Labeled Content should only be modified by the Customer leveraging the features available in GreyMatter. If ReliaQuest Labeled Content is modified by Customer or any third party outside of the process defined in GreyMatter, ReliaQuest will not be responsible for any negative repercussions including but not limited to, response times, Storage Technology or Source issues, or other issues caused by the changes. If Customer would like to modify ReliaQuest Labeled Content, Customer can leverage GreyMatter, submit a ticket with requested modifications, or make such request directly to a Customer Success Manager in writing.

7.7. Documentation

ReliaQuest recommends Customer provide the following documentation to aid ongoing enablement:

  • Latest risk assessment and/or penetration test that includes most credible threats and highest severity vulnerabilities
  • Full Log Source list with asset categories (compliance, critical, or other classification)
  • List of compliance requirements (SOX, HIPAA, PCI, etc.)
  • Security team contact information
  • Scanning schedules and IP addresses for both internal and external scanners

7.8. Acknowledgments; Dependencies; Remedy

This Ongoing Enablement Description is limited to those ReliaQuest customers who have purchased a subscription to the FedRAMP-authorized version of GreyMatter. When customers elect to use the FedRAMP-authorized version of GreyMatter, ReliaQuest's level of access and support capabilities, and thereby GreyMatter's features and functionalities, are limited as compared to a non-FedRAMP-authorized instance of GreyMatter. The Ongoing Enablement activities are dependent upon Customer's compliance with the Customer responsibilities described herein and the accuracy and completeness of any data, access or other information necessary for the provision of GreyMatter and the Ongoing Enablement. To the extent Customer has any disputes or claims arising out of or related to the Ongoing Enablement activities described herein, Customer's sole and exclusive remedy for such disputes or claims is as set forth in the warranties, exclusive remedies, exclusions, and disclaimers provisions of the PSA.

8. Capitalized terms

Capitalized terms used herein not defined in context have the meanings set out in this Section 8:

  • 8.1. "Automate" or "Automated" means the use of automated processes or systems, including large language models, machine learning, or other artificial intelligence capabilities, to perform tasks or generate analysis through or in connection with GreyMatter.
  • 8.2. "Content" means the methodology, design, logic, and construction (including all code and scripts) of ReliaQuest Labeled Content designed to detect, correlate, and flag actionable activity.
  • 8.3. "Content Artifact" means an alert, rule, or report.
  • 8.4. "Core Component" means any component, or system that is required to normalize, aggregate, store and visualize data for a technology with the exception of agents.
  • 8.5. "Customer" means the opposite party to ReliaQuest in the Order and the party to which ReliaQuest is providing the ongoing enablement in the Order.
  • 8.6. "Customer Roadmap"means the plan developed by ReliaQuest.
  • 8.7. "Customer Success Manager" means a ReliaQuest dedicated point of contact responsible for customer success.
  • 8.8. "Direct Connection” or “Direct Sources” means GreyMatter connects directly to the source technology via API, enabling real-time data retrieval and potential response actions.
  • 8.9. "Emergency Content" means a set of detection(s) that alerts on known malicious activity based on data gathered from GreyMatter Intel.
  • 8.10. "Endpoint" means any device, system, application, or resource owned or managed by the Customer that is monitored, tracked, or managed via GreyMatter. The endpoint count includes all physical, virtual, and cloud-based resources, whether active or provisioned unless otherwise specified in the Order.
  • 8.11. "GreyMatter" means ReliaQuest's Security Operations Platform developed by ReliaQuest and any other related ReliaQuest software tools, programs, or platforms, whether existing now or developed by ReliaQuest during the Order, including any enhancements, derivatives, or developments. The Specifications for GreyMatter (including its components, capabilities, and add-ons) are as described in the Product Schedule.
  • 8.12. "GreyMatter Agentic Teammates" or "GreyMatter Agentic Teammate" means an add on to GreyMatter, each of which is a role-based Automated component of GreyMatter designed to augment specific security operations center functions by providing Automated analysis and contextual recommendations. GreyMatter Agentic Teammates support and extend the existing capacities of human security operators to monitor, investigate, and respond to security events.
  • 8.13. "GreyMatter Detect" means a capability which centralizes management of ReliaQuest Labeled Content authored by ReliaQuest and various technology vendors, with transparent visibility into detection logic and deployment status. ReliaQuest uses GreyMatter Detect to deploy ReliaQuest Labeled Content across the environment connecting through a Storage Technology or Source.
  • 8.14. "GreyMatter Health" means the GreyMatter capability which supports the overall health of the Storage Technology.
  • 8.15. "GreyMatter Hunt" means the GreyMatter capability which supports threat hunting potentially leveraging data from Customer's Direct Source or Indirect Source.
  • 8.16. "GreyMatter Intel" means the GreyMatter capability which supports threat intelligence automation, aggregation, normalization, and dissemination of machine-readable threat intelligence.
  • 8.17. "GreyMatter Investigate” means the GreyMatter capability which supports the triage and analysis of ReliaQuest Labeled Content.
  • 8.18. "GreyMatter Respond" means the GreyMatter capability which supports the actions to enrich data and/or contain or remediate threats.
  • 8.19. "HIPAA" means the Health Insurance Portability and Accountability Act of 1996.
  • 8.20. "Indirect Connection” or “Indirect Sources" means GreyMatter accesses the source's data via a storage solution (SIEM, Data Lake, etc.), where the data is first collected and stored before GreyMatter retrieves it.
  • 8.21. "IP" means internet protocol.
  • 8.22. "IT" means information technology.
  • 8.23. "Log Source" means a data source that creates and sends logs to a Storage technology.
  • 8.24. "Log Source Technology" or "Log Source Technologies” means the security tool (Vendor, Product Name, Function) sends data to a Storage Technology.
  • 8.25. "OEM" means original equipment manufacturer.
  • 8.26. "Ongoing Enablement" means the activities described in this Ongoing Enablement description, which activities may be performed remotely or from the ReliaQuest Service Locations.
  • 8.27. "Parser" means code used to assist in the processing of log events.
  • 8.28. "PCI" means payment card industry.
  • 8.29. "Platform and Support Agreement" or "PSA" means the Platform and Support Agreement between ReliaQuest and Customer, including the terms and conditions applicable to customer's access to and use of the FedRAMP-authorized version of GreyMatter. To the extent ReliaQuest and Customer have mutually-executed a separate definitive agreement governing ReliaQuest's provision of GreyMatter and the Ongoing Enablement activities to Customer, such agreement shall be considered the Platform and Support Agreement or PSA as such terms are used herein.
  • 8.30. "ReliaQuest Authored Detections" means detection researched, developed, and released by ReliaQuest.
  • 8.31. "ReliaQuest Service Locations" means the ReliaQuest facilities located in: (i) the United States of America; and (ii) except otherwise stated in an Order, North America, India, European Union, United Kingdom, Singapore, or any other service location opened or started by ReliaQuest during the term of the Order. Except as otherwise stated in an Order, Customer consents to the performance of Ongoing Enablement activities under an Order from each ReliaQuest Service Location at any time, as determined by ReliaQuest, in ReliaQuest's sole discretion.
  • 8.32. "ReliaQuest Labeled Content" means ReliaQuest Authored Detections and/or Vendor Authored Detections that ReliaQuest has agreed to manage. All ReliaQuest Labeled Content is stored in GreyMatter Detect.
  • 8.33. "ReliaQuest Supported Sources" or "Sources" means any technology that GreyMatter connects to, either directly or indirectly, to deliver its capabilities, as specifically set forth in Appendix 1 (ReliaQuest Supported Sources) to this Ongoing Enablement Description. If this Ongoing Enablement Description is attached as an exhibit or addendum to an Order, then the version of Appendix 1 included as part of such Ongoing Enablement Description shall not apply to such Order, and the version of Appendix 1 included in the Ongoing Enablement Description available at https://www.reliaquest.com/ongoing-enablement-fedramp/ shall apply to such Order.
  • 8.34. "RQ Portal" means the portal where ReliaQuest provides alert data reporting to Customer. The RQ Portal is currently hosted by ServiceNow and Customer consents to the use of RQ Portal for the provision of Ongoing Enablement under an Order.
  • 8.35. "SIEM" means security, information, and event management software.
  • 8.36. "SOC" means security operation center.
  • 8.37. "SOX" means Sarbanes Oxley act of 2002.
  • 8.38. "Storage Technology" or "Storage Technologies" means technologies designed for the long-term storage of data reported by monitoring source technologies.
  • 8.39. "Term" means the period of time set forth in the applicable Order during which Customer is authorized by ReliaQuest to access and use GreyMatter and entitled to receive Ongoing Enablement support.
  • 8.40. "Third Party Platform Providers" means the third party platform providers, as designated by ReliaQuest from time to time, who support or enable ReliaQuest to provide GreyMatter and the Ongoing Enablement to Customer, as set forth and updated from time-to-time at: https://www.reliaquest.com/platform-sub-processors/. For the avoidance of doubt, ReliaQuest may nominate or withdraw Third Party Platform Providers upon notice to Customer (notice through GreyMatter, the RQ Portal, or other electronic means being sufficient).
  • 8.41. "Vendor Authored Detections" means detections developed or disseminated by the vendor of the applicable third-party technology platform which are then aligned and integrated with ReliaQuest's proprietary suite of detections. Vendor Authored Detections are not eligible for any warranty provided in connection with Security Tool Content.
  • 8.42. "VPN" means virtual private network.

Appendix 1: ReliaQuest Supported Sources

GreyMatter connects to the Sources listed in the table below either directly or indirectly.

  • Direct Connection: GreyMatter connects directly to the Source technology via API, enabling real-time data retrieval and potential response actions.
  • Indirect Connection: GreyMatter access the Source's data via a Storage Technology (SIEM, Data Lake, etc.), where the data is first collected and stored before GreyMatter retrieves it.
Source Technologies GreyMatter Connection Method Storage Solution Compatibility (Indirect Connection)
Amazon AWS CloudTrail Direct & Indirect Sumo Logic Log Analytics Platform, Cisco Splunk, Microsoft Azure Sentinel, Amazon AWS Security Lake, Google GCP Security Operations, Devo Platform, SentinelOne Singularity AI SIEM, CrowdStrike Falcon Next-Gen SIEM, IBM QRadar, Exabeam New-Scale SIEM
Amazon AWS S3 (Simple Storage Service) Direct
Cisco Splunk Direct & Indirect Cisco Splunk, IBM QRadar, Google GCP Security Operations
Cisco Umbrella Direct & Indirect Cisco Splunk, Devo Platform, Sumo Logic Log Analytics Platform, Microsoft Azure Sentinel, IBM QRadar, Google GCP Security Operations, Exabeam New-Scale SIEM, SentinelOne Singularity AI SIEM
CrowdStrike Falcon Adversary Intelligence Direct
CrowdStrike Falcon Insight XDR Direct & Indirect Devo Platform, CrowdStrike Falcon Long Term Repository, IBM QRadar, Sumo Logic Log Analytics Platform, Exabeam New-Scale SIEM, CrowdStrike Falcon Next-Gen SIEM, Google GCP Security Operations, Microsoft Azure Sentinel, Cisco Splunk
Google GCP Security Operations Direct
Google Workspace Direct & Indirect Cisco Splunk, Sumo Logic Log Analytics Platform, Devo Platform, Microsoft Azure Sentinel, IBM QRadar, Google GCP Security Operations
Microsoft Active Directory Direct & Indirect Datadog Cloud SIEM, Microsoft Azure Sentinel, CrowdStrike Falcon Next-Gen SIEM, Sumo Logic Log Analytics Platform, SentinelOne Singularity AI SIEM, Cisco Splunk, IBM QRadar, Google GCP Security Operations, Exabeam New-Scale SIEM, The OpenSearch Project OpenSearch
Microsoft Azure Cloud Direct
Microsoft Defender for Cloud Direct & Indirect IBM QRadar, Exabeam New-Scale SIEM, Cisco Splunk, Microsoft Azure Sentinel
Microsoft Defender for Cloud Apps Direct & Indirect Microsoft Azure Sentinel, Cisco Splunk, IBM QRadar, Exabeam New-Scale SIEM
Microsoft Defender for Office 365 Direct & Indirect Exabeam New-Scale SIEM, SentinelOne Singularity AI SIEM, Cisco Splunk, Google GCP Security Operations, Sumo Logic Log Analytics Platform, IBM QRadar, Microsoft Azure Sentinel
Microsoft Entra ID Direct & Indirect The OpenSearch Project OpenSearch, CrowdStrike Falcon Next-Gen SIEM, Cisco Splunk, Palo Alto Networks Cortex XSIAM, Devo Platform, SentinelOne Singularity AI SIEM, IBM QRadar, Google GCP Security Operations, Microsoft Azure Sentinel, Exabeam New-Scale SIEM, Sumo Logic Log Analytics Platform
Microsoft Office 365 Direct & Indirect Cisco Splunk, IBM QRadar, Exabeam New-Scale SIEM, Microsoft Azure Sentinel, SentinelOne Singularity AI SIEM, Devo Platform, Google GCP Security Operations, Sumo Logic Log Analytics Platform
Microsoft Office 365 Cloud App Security Direct & Indirect Devo Platform
Okta Identity Direct & Indirect Devo Platform, Palo Alto Networks Cortex XSIAM, CrowdStrike Falcon Next-Gen SIEM, Google GCP Security Operations, Exabeam New-Scale SIEM, Microsoft Azure Sentinel, IBM QRadar, SentinelOne Singularity AI SIEM, Cisco Splunk, Sumo Logic Log Analytics Platform
Proofpoint Targeted Attack Protection (TAP) Direct & Indirect Cisco Splunk, SentinelOne Singularity AI SIEM, Palo Alto Networks Cortex XSIAM, Google GCP Security Operations, Sumo Logic Log Analytics Platform, CrowdStrike Falcon Next-Gen SIEM, Exabeam New-Scale SIEM, Devo Platform, IBM QRadar, Microsoft Azure Sentinel
Saviynt Identity Cloud Enterprise Direct
SentinelOne Singularity Endpoint Direct & Indirect Sumo Logic Log Analytics Platform, Google GCP Security Operations, IBM QRadar, Cisco Splunk, Microsoft Azure Sentinel
Trend Micro Cloud One Direct
Wiz Cloud Security Platform Cloud Direct & Indirect Cisco Splunk, SentinelOne Singularity AI SIEM, Google GCP Security Operations, Microsoft Azure Sentinel, Sumo Logic Log Analytics Platform, IBM QRadar

ReliaQuest will make reasonable efforts to maintain support for the Direct Sources and Indirect Sources described in the above table. The supported technology Sources are subject to change from time-to-time. ReliaQuest cannot guarantee the connectivity or availability of any or all technology Sources, nor be responsible for changes or errors in the technology Sources or how they interface or connect with GreyMatter. In addition, GreyMatter's connection to any technology Sources may involve the use of compute power, storage capacity, or other licensing-based metrics or restrictions. Customers are solely responsible for verifying and complying with the terms, conditions, and costs associated with any such connectivity.