Harris Suppliers: Your Role in Cybersecurity
Effective cybersecurity is critical to protecting our nation’s information technology and competitive edge. Companies that serve the Aerospace and Defense sector are prime targets of cyber criminals, who seek to breach internal systems and those of third-party suppliers.
At Harris, we view cybersecurity as a shared responsibility with our suppliers. Following is an overview of current Department of Defense (DoD) requirements related to cybersecurity, how Harris is managing supplier compliance and how to report an incident. We have also supplied links to a wide variety of resources that provide additional information.
Meeting U.S. Government Contract Cybersecurity Regulations
Compliance with the following Defense Federal Acquisition Regulation Supplement (DFARS) clauses – which address the safeguarding of information for secure dissemination between the Department of Defense (DoD), prime contractors and their suppliers – has been required as of December 31, 2017:
- DFARS 252.204-7009, Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information
- DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
- DFARS 252.239-7010, Cloud Computing Services
For any contracts Harris has or receives that contain these clauses, the clauses also flow down to all sub-tiers of the prime contract. This means suppliers at every tier must have in place the higher level of network security, as applicable, and the rapid reporting chain of command as defined in DFARS 252.204-7012.
At a minimum, organizations that have Covered Defense Information (CDI) must comply with all National Institute of Standards and Technology (NIST) Special Publication 800-171 security controls, as addressed in the clauses above.
Exostar Partner Information Manager
In order to execute our government contracts, Harris must have insight into our suppliers’ cybersecurity positions and their ability to protect sensitive information. Harris is one of many prime contractors that use Exostar’s Partner Information Manager (PIM) tool to manage supplier compliance with DoD cybersecurity requirements. The Exostar security questionnaire (link below) enables your company to attest to its compliance with each NIST SP 800-171 security control.
The Exostar PIM also benefits Harris suppliers. It enables your company to complete the questionnaire once and later share the results with any other participating prime contractors who request it. This reduces the time you will spend completing multiple questionnaires and provides a standard and consistent set of minimum cybersecurity expectations.
Reporting an Incident
Any cyber incident must be reported within 72 hours of discovery, or as specified in the Harris contract. In addition to reporting the incident directly to the DoD at https://dibnet.dod.mil/portal/intranet/, Harris requires that you notify us of the incident. Please click the button below to report the incident.
Partnering to Thwart Cyber Crimes
Beyond contractual requirements, adherence to DFARS clauses enables Harris and its suppliers to maintain the high level of trust we have earned from our customers. We work closely with our suppliers to ensure they have the government-required safeguards in place for any work they perform on defense contracts. If you need more information, the links below have online resources to assist you with questions about DFARS cybersecurity controls and how to implement them. You can also contact the Harris Cyber mailbox at email@example.com.
Harris is not responsible for the content of these websites.
- Federal Acquisition Regulation (FAR)
- Center for Internet Security
- Small Business Administration (SBA)
- Dept. of Homeland Security