Protecting the Supply Chain and Meeting the Compliance Challenge

Posted by: Mary Pat Simmons | August 10, 2016 | Compliance, Cybersecurity, Supply Chain Management

Government contractors rely on multi-tiered value chains of hundreds or even thousands of partners to conduct business. A strong value chain can bring significant cost, schedule, and resource advantages, but it also comes with challenges. According to the National Institute of Standards and Technology (NIST), the likelihood that a manufacturing organization will experience a supply chain disruption in a 24-month period is an astounding 98%.

Cyberattacks, one high-profile form of disruption, strategically target smaller, “flow-down” organizations – the perceived “weak links” in the chain. The Department of Defense (DoD) understands this threat and has upped the ante by instituting stronger security measures for any organization that handles covered defense information (CDI). The latest Defense Federal Acquisition Regulation Supplement (DFARS) provision issued by the DoD – DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting” – mandates contractor and flow-down compliance with over 100 security requirements identified in NIST Special Publication (SP) 800-171. These requirements specify how CDI is to be protected for local and network access across nonfederal information systems and organizations.

Contractors and their subcontractors who exchange CDI face a December 2017 deadline to fully comply with the DFARS mandate or risk contract loss or disqualification. These organizations must identify where CDI resides in their information systems, self-assess their cybersecurity capabilities, compare them to the SP 800-171 safeguards, and report on and address any compliance gaps.

So, how do you ensure that your supply chain is secured? How do you make sure that every downstream organization in your supply chain meets the new DFARS standards? If you are a small- or medium-sized business, how can you afford to comply?

The Exostar Risk Management Solution

Exostar created our risk management solution to enable organizations to successfully overcome the challenge of securing a complex partner network. The solution collects and analyzes information from trusted sources to create a more holistic picture of a partner’s/supplier’s current and potential risk and impact to an organization.

Our risk management solution:

  • Establishes common definitions and standards to measure risk
  • Leverages a “Complete Once” model to reduce resource requirements for buyers and suppliers
  • Accelerates onboarding for suppliers
  • Facilitates cross-function information sharing
  • Delivers a higher level of assurance

But don’t take our word for it. Leading Aerospace & Defense industry organizations, including Boeing, Lockheed Martin, Raytheon, and BAE Systems, are using our solution today to help manage supply chain cybersecurity risk. And Gartner cited our risk management solution as the driver for naming Exostar a 2016 Cool Vendor. Be our guest and have a look at the report.

Read more about the Exostar risk management solution and how it can help you protect your supply chain and meet the compliance challenge.