Page 1 of 12

Service Description: Cisco Security Implementation Services

This document describes the Cisco Security Implementation Services.

Related Documents: This document should be read in conjunction with the following documents also posted at
[Link] : (1) Glossary of Terms; (2) List of Services Not Covered; and (3)
Severity and Escalation Guidelines. All capitalized terms in this description have the meaning ascribed to them
in the Glossary of Terms.

Direct Sale from Cisco. If you have purchased these Services directly from Cisco, this document is
incorporated into your Master Services Agreement (MSA), Cisco Services Agreement (ASA), or equivalent
services agreement executed between you and Cisco. If you have no applicable agreement in place, the
following terms will apply:
[Link]
Accept_Agreement_sample.pdf (the applicable terms being the, “Agreement”). All capitalized terms not
defined in in any supplemental definitions within this document have the meaning ascribed in the Agreement. If
not already covered in your Agreement, this document should be read in conjunction with the Related
Documents identified above. In the event of a conflict between this Service Description and your Agreement,
this Service Description shall govern.

Sale via Cisco Authorized Reseller. If you have purchased these Services through a Cisco Authorized
Reseller, this document is for description purposes only; is not a contract between you and Cisco. The contract,
if any, governing the provision of this Service will be the one between you and your Cisco Authorized Reseller.
Your Cisco Authorized Reseller should provide this document to you, or you can obtain a copy of this and other
Cisco service descriptions at [Link] All capitalized terms not defined in
any supplemental definitions within this document have the meaning ascribed in the Glossary of Terms at the
above URL.
 Page 2 of 12

Table of Contents
Table of Contents .................................................................................................................................................. 2
1.0 Services Summary ....................................................................................................................................... 4
2.0 Security Implementation Services ............................................................................................................. 4
2.1 Project Management Services ............................................................................................................... 4
2.1.1 Service Summary .............................................................................................................................. 4
2.1.2 Cisco Responsibilities may include the following ............................................................................ 4
2.1.3 Customer responsibilities may include: ............................................................................................ 4
2.2 Requirements Workshop ....................................................................................................................... 5
2.2.1 Service Summary .............................................................................................................................. 5
2.2.2 Cisco Responsibilities may include the following: ........................................................................... 5
2.2.3 Customer Responsibilities may include the following: .................................................................... 5
2.2.4 Deliverable(s) may include the following: ....................................................................................... 5
2.3 Design Services ....................................................................................................................................... 5
2.3.1 Service Summary .............................................................................................................................. 5
2.3.2 Cisco Responsibilities may include the following:........................................................................... 5
2.3.3 Customer Responsibilities may include the following: .................................................................... 6
2.3.4 Deliverable(s) may include the following: ....................................................................................... 6
2.4 Validate Services .................................................................................................................................... 6
2.4.1 Service Summary .............................................................................................................................. 6
2.4.2 Cisco Responsibilities may include the following: ........................................................................... 6
2.4.3 Customer Responsibilities may include the following: .................................................................... 6
2.4.4 Deliverable(s) may include the following: ....................................................................................... 7
2.5 Migrate Services ..................................................................................................................................... 7
2.5.1 Service Summary .............................................................................................................................. 7
2.5.2 Cisco Responsibilities may include the following: ........................................................................... 7
2.5.3 Customer Responsibilities may include the following: .................................................................... 7
2.5.4 Deliverable(s) may include the following: ....................................................................................... 7
2.6 Implement Services ................................................................................................................................ 8
2.6.1 Service Summary .............................................................................................................................. 8
2.6.2 Cisco Responsibilities may include the following: ........................................................................... 8
2.6.3 Customer Responsibilities may include the following: .................................................................... 8
2.6.4 Deliverable(s) may include the following: ....................................................................................... 8
2.7 Knowledge Transfer Services ................................................................................................................ 8
2.7.1 Service Summary .............................................................................................................................. 8
2.7.2 Cisco Responsibilities may include the following ............................................................................ 8
2.7.3 Customer responsibilities may include: ............................................................................................ 9
2.8 Health Check Services ........................................................................................................................... 9
2.8.1 Service Summary .............................................................................................................................. 9
Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL
Cisco Security Implementation [Link]
 Page 3 of 12

2.8.2 Cisco Responsibilities may include the following ............................................................................ 9

2.8.3 Customer responsibilities may include ............................................................................................. 9
2.9 Performance Tuning & Support ........................................................................................................... 9
2.9.1 Service Summary .............................................................................................................................. 9
2.9.1 Cisco Responsibilities may include the following ............................................................................ 9
2.9.2 Customer responsibilities may include ........................................................................................... 10
2.10 Integration Services.............................................................................................................................. 10
2.10.1 Service Summary ............................................................................................................................ 10
2.10.2 Cisco Responsibilities may include the following .......................................................................... 10
2.10.3 Customer responsibilities may include: .......................................................................................... 10
3.0 Assumptions, Exclusions, and Additional Terms ................................................................................... 11
Appendix - A........................................................................................................................................................ 11

Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL

Cisco Security Implementation [Link]
 Page 4 of 12

1.0 Services Summary

Service Overview. The Cisco Security Implementation Services provides activities designed to help Customer
successfully implement its Cisco security technology products and services. The Service supports
implementation activities for following Cisco Security Products:

• Next Generation Firewall (NGFW):

o ASA with Firepower Services
o Firepower Threat Defense
• Identity Services Engine (ISE)
• Stealthwatch

This Service Description is intended to provide an indicative summary of the Services Cisco will provide to
Customer. The details of the Services will be provided in paper or electronic document (e.g. Service Order,
Statement of Work (SOW), quote, proposal or online order submission), signed or otherwise agreed to by the
Customer, that references or incorporates the Service Description and specifies the details of the Services
purchased by Customer, such as pricing, payment terms, and other commercial terms, identifies Products to be
implemented or migrated, and describes any additional Customer and Cisco Responsibilities (“Ordering
Documents”).

2.0 Security Implementation Services

2.1 Project Management Services

2.1.1 Service Summary
Cisco will provide project management services to manage the overall delivery of Cisco security
services.
2.1.2 Cisco Responsibilities may include the following
• Provide Customer with a list of designated Cisco personnel roles and responsibilities
• Work with Customer to identify and document dependencies, risks and issues associated with the
successful completion of the project
• Provide a project plan highlighting deliverables, corresponding milestones, planned project events,
resourcing, responsibilities and timescales
• Participate in scheduled project review meetings or conference calls, if required.
• Provide handover documentation, follow on actions and recommendations, lessons learned, and reports
(if necessary) upon project completion
2.1.3 Customer responsibilities may include:
• Provide the Cisco project manager with a list of designated Customer personnel roles and
responsibilities

Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL

Cisco Security Implementation [Link]
 Page 5 of 12

• Ensure that key Customer personnel (such as architecture design and planning, network engineering,
network operations personnel) are available to provide information and to participate in review
sessions, workshops and other information gathering activities.
• Identify primary and backup Customer authorized site contacts who shall provide necessary information,
provide onsite access and coordinate with other organizations/third parties with respect to Services at
that site
• Participate in scheduled project review meetings or conference calls, if required
• Coordinate with, and manage any external third parties, in relation to deliverables and schedules.
• Perform responsibilities identified in any project plan
2.2 Requirements Workshop
2.2.1 Service Summary
The Requirements Workshop is an interactive session between Cisco and Customer to determine, define,
and validate the implementation or migration requirements.
2.2.2 Cisco Responsibilities may include the following:
• Work with Customer to perform interviews, to gather network documentation and other required
information necessary to complete the implementation and migration activities.
• Work with Customer to create Customer Requirements Document (CRD).
• If in scope, install Data Collection Tools
2.2.3 Customer Responsibilities may include the following:
• Provide Cisco permission to install Data Collection Tools on Customer’s infrastructure, as applicable.
• Provide Cisco requested documentation, topologies, or requirements related to the successful completion
of the project
• Ensure that relevant resources are available to attend any project status meetings or requirements
workshops
• Review any documentation provided by Cisco during the delivery of these services and promptly
provide feedback as requested
2.2.4 Deliverable(s) may include the following:
• Customer Requirements Document. The Customer Requirements Document (CRD) verifies the
Customer’s requirements to be incorporated into this Service based upon Cisco recommended practices.

2.3 Design Services

2.3.1 Service Summary
The Design services will provide a high-level architectural design and/or an implementation-ready detailed
solution design of Cisco Products and Services (“Cisco Solution”) as further detailed in the Ordering
Documents.
2.3.2 Cisco Responsibilities may include the following:
• Work with Customer to review, validate, and revise any existing architectural or logical network and
application designs
• Work with Customer to document design(s) and/or configurations
Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL
Cisco Security Implementation [Link]
 Page 6 of 12

2.3.3 Customer Responsibilities may include the following:

• Provide Cisco requested documentation, topologies, or requirements related to the successful completion
of the project
• Review any documentation provided by Cisco during the delivery of these services and promptly
provide feedback as requested
• Review, provide feedback and accept High Level Design and/or Low Level Design Documents as
applicable

2.3.4 Deliverable(s) may include the following:

• High Level Design Document. The High-Level Design (HLD) document provides a logical network
and application design of the proposed Cisco Solution addressing documented business and technical
requirements. HLD may include some or all of the following: a) Customer objectives; b) Customer
requirements; c) System description; and/or d) Key risks of the design, recommendations and proposed
changes to the design to help mitigate risks, if any.

• Low Level Design Document. The Low-Level Design (LLD) document may include some or all of the
following: a) network logical and physical topology; b) security design; c) sample configurations
templates for Cisco infrastructure devices; d) software release recommendations based on features
and/or functionality; and e) hardware platform recommendations.

2.4 Validate Services

2.4.1 Service Summary

The Validate service element supports the testing of the Cisco Solution using means such as a lab environment,
testing resources, a proof of concept or Cisco Solution pilot. The details resources provided for the of the
Validate service element will be detailed in the Ordering Documents.
2.4.2 Cisco Responsibilities may include the following:
• Work with Customer to perform proof of concept or pilot related tasks which may include setting up
hardware or software in a lab, providing or obtaining access to software licenses, documenting success
metrics, performing test cases, and troubleshooting issues related to the proof of concept or pilot
• Work with Customer to document validation activities and support plan(s)
2.4.3 Customer Responsibilities may include the following:
• Provide Cisco requested documentation, topologies, or requirements related to the successful completion
of the project
• Review any documentation provided by Cisco during the delivery of these services and promptly
provide feedback as requested

Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL

Cisco Security Implementation [Link]
 Page 7 of 12

• Provide those resources listed in the Ordering Document or Validation Plan to support testing
• Review and promptly provide feedback on the results of any testing conducted
2.4.4 Deliverable(s) may include the following:
• Validation Plan. The Validation Plan provides tasks, timelines, owners related to the proof of concept
or pilot to be performed. This plan may include test cases and expected results, POC and/or pilot
success metrics, and validation support plan.
• Validation Support. Validation Support provides remote support of validation related activities and
tasks.

2.5 Migrate Services

2.5.1 Service Summary
The Migrate Services will provide a priorities-based, phased approach to solution migration & upgrades.
2.5.2 Cisco Responsibilities may include the following:
• Work with Customer to document migration requirements and migration procedure documents
• Work with Customer to document activities, tasks, timelines, and owners related to solution migration
• Work with Customer to gather information on existing infrastructure and validate all migration
prerequisites for execution
• Work with Customer and confirm the contingency timeframe with the appropriate rollback plan and
schedule
• Work with Customer to perform migration activities, either on site or remotely, which may include: a)
verifying all software versions and upgrade, as appropriate; b) upgrading and/or replacing necessary
hardware; and c) configuring software
• Work with Customer to perform execution of migration tests and documentation of test results.
• Provide support during and post Cisco Solution migration, as applicable
• Perform any tasks specifically identified as a Cisco Responsibility in any Migration Plan or in any
Ordering Documents as part of migration or post migration support.
2.5.3 Customer Responsibilities may include the following:
• Provide Cisco requested documentation, topologies, or requirements related to the successful completion
of the project
• Review any documentation provided by Cisco during the delivery of these services and promptly
provide feedback as requested
• Perform any tasks specifically identified as a Customer Responsibility in any Migration Plan or in any
Ordering Documents as a part of migration or post migration support
2.5.4 Deliverable(s) may include the following:
• Migration Plan. The Migration Plan provides the tasks, timelines, and owners related to solution
implementation

Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL

Cisco Security Implementation [Link]
 Page 8 of 12

2.6 Implement Services

2.6.1Service Summary
The Implement service element provides assistance for implementation plans, acceptance testing, solution
implementation support and/or post-implementation support.
2.6.2Cisco Responsibilities may include the following:
• Work with Customer to document activities, tasks, timelines, and owners related to Cisco solution
implementation
• Work with Customer to document test plans and expected results to validate solution implementation
• Provide support during and post solution implementation, as applicable
• Work with Customer to deliver any knowledge transfer workshop(s) related to the project
• Perform any tasks that are specifically listed as a Cisco Responsibility in any mutually agreed, written
Implementation Plan, Acceptance Test Plan, or Ordering Documents as a part of implementation or
post implementation support
2.6.3Customer Responsibilities may include the following:
• Provide Cisco requested documentation, topologies, or requirements related to the successful completion
of the project
• Review any documentation provided by Cisco during the delivery of these services and promptly
provide feedback as requested
• Attend any knowledge transfer workshop(s) on topics related to the project
• Perform any tasks that are specifically listed as a Customer Responsibility in any mutually agreed,
written Implementation Plan, Acceptance Plan, or Ordering Documents as a part of implementation or
post implementation support.
2.6.4Deliverable(s) may include the following:
• Implementation Plan. The Implementation Plan provides the tasks, timelines, and owners related to
solution implementation.
• Acceptance Test Plan. The Acceptance Test Plan provides test cases, expected results, and is updated
to include actual acceptance testing results and remediation plan.

2.7 Knowledge Transfer Services

2.7.1 Service Summary
The Knowledge Transfer service element customer may involve training related to project deliverables,
solution administration, project or support hand-off and/or basic troubleshooting. Unless otherwise provided in
the Ordering Documents, Cisco will conduct one knowledge transfer session per year during the term.
2.7.2Cisco Responsibilities may include the following
• Provide information to Customer regarding any course summaries and pre-requisites for Customer
personnel nominated to attend the knowledge transfer workshop
• Determine an appropriate format and delivery method for the knowledge transfer workshop

Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL

Cisco Security Implementation [Link]
 Page 9 of 12

• Conduct remote and/or onsite knowledge transfer sessions

• Provide related knowledge transfer material (if any)
2.7.3Customer responsibilities may include:
• Provide Cisco with the names and basic profiles of personnel attending the knowledge transfer
workshop
• If the knowledge transfer workshop(s) are held at the Customer facility, ensure that the facility is
capable and has all the resources of supporting the knowledge transfer workshop(s), in Cisco’s
determination.
• Ensure that Customer’s personnel attending the knowledge transfer workshop(s) meet all course pre-
requisites identified by Cisco attend the workshop(s), and participate in the workshop activities

2.8 Health Check Services

2.8.1 Service Summary
Cisco will perform a Security Health Check for the Security Product implemented by Cisco Services in the
timeframes and frequency identified in the Ordering Documents.
2.8.2Cisco Responsibilities may include the following
• Analyze security device (which may require the use of Data Collection Tools at Customer’s site) and/or
available devices logs and reports
• Recommend tuning changes to policy and devices configurations based on industry and Cisco standards.
• Recommend design or architecture reviews, if needed
• Identify potentially relevant and under-utilized product and solution capabilities
• Perform interactive tuning session(s) with Customer to implement tuning recommendations on the
security device(s)
• Provide a Security Health Check Report in conjunction with the above activities
2.8.3Customer responsibilities may include
• Review and authorize Cisco’s recommendations for tuning
• Assisting with interactive tuning session with Cisco to implement tuning recommendations
• Maintain a valid Support agreement for the in-scope security devices for the Health Check activities

2.9 Performance Tuning & Support

2.9.1 Service Summary
Cisco will provide Security Performance Tuning Support for the Security product implemented by Cisco
Services in timeframes and frequency identified in the Ordering Documents.
2.9.1 Cisco Responsibilities may include the following
• Analyze security devices
• Recommend tuning changes to policy and devices configurations
Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL
Cisco Security Implementation [Link]
 Page 10 of 12

• Recommend design or architecture reviews, if needed

• Perform one (1) interactive tuning session with Customer to implement tuning recommendations
• Provide an informal (email) summary of key findings, tuning recommendations, and tuning performed
2.9.2Customer responsibilities may include
• Provide electronic remote access to Cisco to devices such that analysis and tuning may be completed
• Review and authorize Cisco’s recommendations for tuning
• Change management and scheduling of performance tuning
• Assist with interactive tuning session with Cisco to implement tuning recommendations
• Maintain a valid Support agreement for the in-scope security devices for the Performance Turning
activities

2.10 Integration Services

2.10.1 Service Summary
Cisco will provide Integration services to enable integration of Third Party connections into the Cisco Solution.
2.10.2 Cisco Responsibilities may include the following
• Work with Customer to discuss current design, readiness and third party connectors
• Work with Customer to document activities, tasks, timelines, and owners related to solution integration
• Work with Customer to plan integration strategy and specification for Customer environment
• Work with Customer to install and configure the third party connections to Cisco powered Security
solutions
• Work with Customer to deliver any knowledge transfer related to the project
2.10.3 Customer responsibilities may include:
• Designate a person to whom all Cisco communications may be addressed and who has the authority to
act on all aspects of the service
• Participate in the meetings before and during the service engagement with Cisco personnel, and provide
relevant information on third party systems and connections
• Provide Cisco current designs, readiness status and relevant requested documentation, topologies, and/or
requirements related to the successful completion of the project
• Review any documentation provided by Cisco during the delivery of these services and promptly
provide feedback as requested
• Attend any knowledge transfer workshop sessions on topics related to the project
• Obtain any third-party rights required for Cisco to perform the activities above
• Identify any third-party product interactions and dependencies for Cisco and Customer evaluate and
integrate
• Provide qualified resources to assist with integration activities

Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL

Cisco Security Implementation [Link]
 Page 11 of 12

3.0 Assumptions, Exclusions, and Additional Terms

• Customer is responsible for determination and implementation of Customer design requirements,

implementation of any recommendations provided by Cisco and for determining if the receipt and use of
any Services or Deliverables complies with applicable laws. Cisco recommendations are based upon
information provided to Cisco at the time of the services. In no event shall Cisco be liable for the
accuracy or completeness of the information contained in the Cisco recommendations.
• Service Description should be read in conjunction with the Advanced Services General Assumptions
and Exclusions document posted at: [Link]/go/servicedescriptions which is hereby
incorporated for reference. To the extent there is a conflict between the terms of this Service Description
and such document, the terms of this Service Description shall control.
• All services will be provided in the English language unless otherwise agreed to by Customer and Cisco.
• The basis in which to accept or reject Deliverables is substantial conformance with its specifications or
description. Where any Service element contains Deliverables, the Customer will have five business
days in which to accept the Deliverables or they are deemed accepted. If Customer rejects any
Deliverable, it will notify Cisco in writing of its rejection and provide written details as to basis for the
rejection.
• Cisco may collect information about your network and the type of traffic traversing the network
(“Network Data”). Network Data does not include the network content. Cisco uses Network Data in
order to provide, maintain, improve, market or promote the Services. You acknowledge that Cisco may
freely use the Network Data as long as it does not include any network content, is in a form that does not
identify or imply Customer or any Customer end users, and is aggregated with other Network Data. In
any event, Cisco will comply at all times with applicable law related to Cisco’s collection and use of all
Telemetry Data and will use reasonable physical, technical, and procedural means to protect the
Network Data in accordance with Cisco’s privacy policy found
here: [Link]

Appendix - A

The following list of Service Work Items (Delivery Tags) for is provided for reference:

Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL

Cisco Security Implementation [Link]
 Page 12 of 12

Work Items Delivery Tags

NGFW ISE Stealthwatch
Requirements Workshop OPT-ISS-NGFW-RW OPT-ISS-ISE-RW OPT-ISS-SW-RW
Design Services OPT-ISS-NGFW-DS OPT-ISS-ISE-DS OPT-ISS-SW-DS
Validate Services OPT-ISS-NGFW-VS OPT-ISS-ISE-VS OPT-ISS-SW-VS
Implement Services OPT-ISS-NGFW-IS OPT-ISS-ISE-IS OPT-ISS-SW-IS
Migrate Services OPT-ISS-NGFW-MS OPT-ISS-ISE-MS OPT-ISS-SW-MS
Knowledge Services OPT-ISS-NGFW-KS OPT-ISS-ISE-KS OPT-ISS-SW-KS
Health Check OP-ISS-NGFW-HC OP-ISS-ISE-HC OP-ISS-SW-HC
Performance Tuning & Support OPT-ISS-NGFW-PT OPT-ISS-ISE-PT OPT-ISS-SW-PT
Project Management OPT-ISS-NGFW-PM OPT-ISS-ISE-PM OPT-ISS-SW-PM
Integration Services ( third-party
connections) OPT-ISS-NGFW-ITS OPT-ISS-ISE-ITS OPT-ISS-SW-ITS

Controlled Doc. #EDM-123160988 Ver: 1.0Last Modified:4/14/2017 [Link] PM CISCO CONFIDENTIAL

Cisco Security Implementation [Link]