June 12, 2018 --
Our customers count on our products and services to support their missions each and every time. This includes protecting the information related to these products and services and ensuring timely reporting when this information is compromised or exposed to unauthorized parties.
Expectations of Suppliers:
- “Compromise” is defined as unauthorized access, inadvertent disclosure, known misuse, loss, destruction, or alteration of information provided by Lockheed Martin other than as required to perform agreed to scope of work
- Take appropriate and immediate actions to investigate and contain the incident and any associated risks
- Provide reasonable cooperation to Lockheed Martin in conducting any investigation regarding the nature and scope of any incident
- Costs incurred in investigating or remedying incidents shall be borne by the supplier
- Contracts not governed by cyber DFARS suppliers are required to notify the Lockheed Martin point of contact specified in the Lockheed Martin contract (e.g. Subcontracts Program Manager, Subcontracts Administrator, or Buyer) within 72 hours or as specified in the Lockheed Martin contract.
- Contracts governed by cyber DFARS Clause 252.204-7012 suppliers are required to notify the DoD, and Lockheed Martin (e.g. Subcontracts Program Manager, Subcontracts Administrator, or Buyer) within 72 hours of discovery of cyber events.
- Lockheed Martin Programs and personnel must coordinate all cyber incidents with the Lockheed Martin Computer Incident Response Team (LM CIRT). The LM CIRT will work with impacted programs to make all required cyber incident notifications.