Open DanielWolkowitz opened 7 years ago
You're right, it needs some clarification in the README. Here is our internal guidance that drove the need for this tool in the first place:
Considerations for allowing applications
- If the service does not have a Privacy Policy, it will not be authorized.
- If the service does not have a Terms of Service, it will not be authorized.
- If the application is listed on apps.gov, it can be authorized. Skip to the next step.
- If the application has a Negotiated Terms of Service, it can be authorized. Skip to the next section.
- If the application has an "indemnification clause" in its Terms of Service (look for the words “indemnification”, “indemnify”, “hold harmless”, or “defend”):
  - If we are not paying for the application, it will not be authorized.
  - If we are paying for the application, it can be authorized.
- If the application is owned by a foreign entity, and it has a “governing law” or “jurisdiction” clause in its Terms of Service, that either puts the current relationship or any future disagreements or suits outside the legal boundaries of the United States:
  - If we are not paying for the application, it will not be authorized.
  - If we are paying for the application through a US company, it can be authorized.
Basically, if the service does have those specific clauses, we need to dig in further to see if the clauses affect use in the US government. Does that help give some context?
For some reason, the URL finds the privacy policy and the ToS but cannot find the entirety of the contents and/or finds it but doesn't know what to do?
i.e.

Key:
- green - pass
- magenta - soft fail
- red - hard fail

http://www.cnn.com/
- privacy policy: http://www.cnn.com/privacy
- ToS: http://www.cnn.com/terms
- indemnity clause: found (needs further investigation)
- governing_law clause: found (needs further investigation)