Understanding Posture

supplier-cyber-posture-460

Understanding a supplier’s ability to protect sensitive information and manage cyber security risk is important to Lockheed Martin and helps us make decisions on how best to manage risk.  We use a variety of methods such as supplier briefings, assessments, information sharing sessions, and the Supplier Cyber Security Questionnaire to understand a supplier’s cyber security readiness.

Supplier Cyber Security Questionnaire
Lockheed Martin has developed a Supplier Cyber Security Questionnaire to provide an initial indication of cyber security readiness.  We ask that all suppliers with whom we share sensitive information complete and maintain the supplier cyber security questionnaire in their Exostar profile.  This section of the profile includes a series of questions that will help us better understand your cyber security readiness and manage risks associated with sharing sensitive information.  As your cyber security capabilities evolve please make sure you update the cyber security questionnaire. 

How to Complete and Maintain the Questionnaire:

  • Go to https://portal.exostar.com and login
  • Click on the “My Account” tab
  • Click on “View Organization Details”
  • Click on “View in Trading Partner Manager (TPM)”
  • (Must have Organization Administrator rights to access TPM; to see who has those rights please see the “Organization Administrator” section of the “View Organization Details” page)
  • Click “Continue” if prompted
  • Click on “Cyber Security” on the left side menu

The questionnaire should take about 30-45 minutes to complete. We suggest that you print a copy of the questionnaire, meet with your IT security team to gather the necessary information, and then input your company’s responses into your Exostar profile.  You can print of copy of the questionnaire by answering “Yes” to the first question: “Does your company receive sensitive information from a third-party company (i.e. one of the Exostar partners: Lockheed Martin, BAE Systems, Boeing, Northrop Grumman, Raytheon, and Rolls-Royce)?” and then clicking on the “Generate Cyber Security Report” link.

If you need help answering the Cyber Security Questionnaire, please see our answers to Frequently Asked Questions.

Supplier Briefings
Supplier briefings are information sharing sessions where we discuss the newest and most pressing cyber security threats, cyber security best practices, and how to better manage risk.  These sessions are collaborative in nature and are helpful in introducing suppliers to organizations and teams that can provide ongoing threat and risk management information. 

Supplier Assessments
Lockheed Martin conducts onsite discussions and objective evidence reviews in coordination with suppliers.  The assessments look at items like cyber security controls, risks, and potential signs of cyber security damage in order to help Lockheed Martin and the supplier understand the extent of their cyber security capabilities, their ability to protect sensitive information and deliver secure products and services.  

Please direct any Supplier Cyber Security questions to supply-chain-cyber-security.lm@lmco.com