- Business Unit Procurement Information
- Doing Business with Lockheed Martin
- Sustainable Supply Chain Management
- Prompt Payments
- Supplier & Industry Initiatives
- Terms and Conditions
- Supplier News
- Suppliers Site Map
- Get Connected
- Who's Knocking
- What We Buy
- Veterans Corner
- eTraining and Video Center
- Government Outreach Programs
- Frequently Asked Questions
Cybersecurity attacks continue to increase in frequency and sophistication for the Aerospace and Defense industry. Adversaries are targeting anyone who possesses the sensitive information they seek including the government, prime contractors, and suppliers. It is imperative that our suppliers understand what’s at stake and recognize our shared role in protecting sensitive information and intellectual property. A single mistake or breach could have enormous consequences for our customers, our business, the Aerospace & Defense Industry, and national security. To manage this risk, Lockheed Martin has put together a three pronged strategy in conjunction with suppliers.
Lockheed Martin must understand a supplier’s capability to protect sensitive information and manage cyber security risk. Suppliers vary in their capabilities to address cyber threats and protect sensitive information. We have several initiatives underway to understand a supplier’s cybersecurity capabilities including two supplier cybersecurity questionnaires at Exostar.
Lockheed Martin and our partners have defined a cybersecurity questionnaire based on the Center for Internet Security Critical Security Controls. Completing this questionnaire is often a foundation for a supplier’s cybersecurity awareness. Lockheed Martin facilitates supplier cybersecurity awareness through participation in targeted outreach events and supplier development and mentoring.
One of the keys to delivering mission success for any program or customer is the ability to manage risks in whatever form. Lockheed Martin and its suppliers must work together to ensure that the appropriate risk mitigations are in place to protect sensitive information and deliver results.
Adhering to DoD Cybersecurity Requirements
All Department of Defense (DoD) contractors and subcontractors are required to comply with the Defense Federal Acquisition Regulation (DFARS) interim rule that replaces the DoD’s prior Unclassified Controlled Technical Information (“UCTI”) Rule, imposing new baseline security standards and significantly expanding the information that is subject to safeguarding and can trigger the reporting requirements.
Please direct any Supplier Cyber Security questions to firstname.lastname@example.org