At Harris, we view cybersecurity as a shared responsibility with our suppliers. Following is an overview of current Department of Defense (DoD) requirements related to cybersecurity, how Harris is managing supplier compliance and how to report an incident. We have also supplied links to a wide variety of resources that provide additional information.

Meeting U.S. Government Contract Cybersecurity Regulations

Compliance with the following Defense Federal Acquisition Regulation Supplement (DFARS) clauses – which address the safeguarding of information for secure dissemination between the Department of Defense (DoD), prime contractors and their suppliers – has been required as of December 31, 2017:

For any contracts Harris has or receives that contain these clauses, the clauses also flow down to all sub-tiers of the prime contract. This means they must have in place the higher level of network security, as applicable, and the rapid reporting chain of command as defined in DFARS 252.204-7012.

At a minimum, organizations that have Covered Defense Information (CDI) must comply with all National Institute of Standards and Technology (NIST) Special Publication 800-171 security controls, as addressed in the clauses above.

Exostar Partner Information Manager

In order to execute our government contracts, Harris must have insight into our suppliers’ cybersecurity positions and their ability to protect sensitive information. Harris is one of many prime contractors that use Exostar’s Partner Information Manager (PIM) tool to manage supplier compliance with DoD cybersecurity requirements. The Exostar security questionnaire (link below) enables your company to attest to its compliance with each NIST SP 800-171 security control.

The Exostar PIM also benefits Harris suppliers. It enables your company to complete the questionnaire once and later share the results with any other participating prime contractors who request it. This reduces the time you will spend completing multiple questionnaires and provides a standard and consistent set of minimum cybersecurity expectations.

Reporting an Incident

Any cyber incident must be reported within 72 hours of discovery, or as specified in the Harris contract. In addition to reporting the incident directly to the DoD at Harris requires that you notify us of the incident. Please click the button below to report the incident.

Partnering to Thwart Cyber Crimes

Beyond contractual requirements, adherence to DFARS clauses enables Harris and its suppliers to maintain the high level of trust we have earned from our customers. We work closely with our suppliers to ensure they have the government-required safeguards in place for any work they perform on defense contracts. If you need more information, the links below have online resources to assist you with questions about DFARS cybersecurity controls and how to implement them. Or, contact the Harris Cyber mail box at:


Harris is not responsible for the content of these websites.