Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Supplier Cybersecurity

Meeting U.S. Government Contract Cybersecurity Regulations

Compliance with the following Defense Federal Acquisition Regulation Supplement (DFARS) clauses – which address the safeguarding of information for secure dissemination between the Department of Defense (DoD), prime contractors and their suppliers – has been required as of Dec. 31, 2017:

The DoD also added additional requirements to prime contractors and their suppliers in November 2020:

For any contracts L3Harris has or receives that contain these clauses, the clauses also flow down to all sub-tiers of the prime contract. This means they must have in place the higher level of network security, as applicable, and the rapid reporting chain of command as defined in DFARS 252.227-7013.

At a minimum, organizations that have Covered Defense Information (CDI) must comply with all National Institute of Standards and Technology (NIST) Special Publication 800-171 security controls, as addressed in the clauses above.

Exostar Partner Information Manager

In order to execute our government contracts, L3Harris must have insight into our suppliers’ cybersecurity positions and their ability to protect sensitive information. L3Harris is one of many prime contractors that use Exostar’s Partner Information Manager (PIM) tool to manage supplier compliance with DoD cybersecurity requirements. The Exostar security questionnaire (https://www.myexostar.com/PIM) enables your company to attest to its compliance with each NIST SP 800-171 security control.

The Exostar PIM system also benefits L3Harris suppliers as it enables your company to complete the questionnaire once and later share the results with any other participating prime contractors who request it. This reduces the time you will spend completing multiple questionnaires and provides a standard and consistent set of minimum cybersecurity expectations.