Cybersecurity attacks against the Aerospace and Defense industry continue to increase in frequency and sophistication. Adversaries are targeting anyone who possesses the sensitive information they seek, including the government, prime contractors, and suppliers. It is imperative that our suppliers understand what's at stake and recognize our shared role in protecting sensitive information and intellectual property. A single mistake or breach could have enormous consequences for our customers, our business, the Aerospace and Defense industry, and national security. To manage this risk, Lockheed Martin has put together a three-pronged strategy in conjunction with suppliers.

Understanding Posture


Lockheed Martin must understand a supplier's capability to protect sensitive information and manage cybersecurity risk. Suppliers vary in their capabilities to address cyber threats and protect sensitive information. We have several initiatives underway to understand a supplier's cybersecurity capabilities, including two supplier cybersecurity questionnaires at Exostar.






Building Awareness


Lockheed Martin and our partners have defined a cybersecurity questionnaire based on the Center for Internet Security Critical Security Controls. Completing this questionnaire is often a foundation for a supplier's cybersecurity awareness. Lockheed Martin facilitates supplier cybersecurity awareness through participation in targeted outreach events and through supplier development and mentoring.




Reducing Risk


One of the keys to delivering mission success for any program or customer is the ability to manage risks in whatever form they take. Lockheed Martin and its suppliers must work together to ensure that the appropriate risk mitigations are in place to protect sensitive information and deliver results.





Incident Reporting

It is our customer's expectation, and ours, that we will be notified if any information provided as part of, or generated in support of, contract performance is impacted as a result of a cybersecurity incident.



Adhering to DoD Cybersecurity Requirements


All Department of Defense (DoD) contractors and subcontractors are required to comply with the Defense Federal Acquisition Regulation (DFARS) interim rule that replaces the DoD’s prior Unclassified Controlled Technical Information (“UCTI”) Rule, imposing new baseline security standards and significantly expanding the information that is subject to safeguarding and can trigger the reporting requirements. 



Please direct any supplier cybersecurity questions to