Maintaining Cybersecurity Maturity Model Certification Status
Following our recent notice, “Document CMMC status in Exostar”, all active Lockheed Martin suppliers are required to submit their Cybersecurity Maturity Model Certification (CMMC) status. The Cybersecurity Compliance Attestation (CCA) in Exostar will be the primary mechanism for collecting these attestations.
1. Document your CMMC status in DOD Supplier Performance Risk System (SPRS)
All suppliers supporting DoD programs should document at least their CMMC Final Level 1 (Self) status in DOD’s SPRS system. When Controlled Unclassified Information (CUI) is in scope, then a CMMC Final Level 2 (Self or C3PAO) should also be documented or pursued.
2. Provide your CMMC Status to Lockheed Martin in Exostar Supplier Management (SM)
Lockheed Martin does not have access to review suppliers SPRS submissions in the DoD’s system. As such, the CCA was implemented for suppliers to proactively share their CMMC status with Lockheed Martin. To avoid disruptions during RFx, bidding, or contract renewals on CMMC contracts, you must complete the CCA.
- Refer to the SM Guidance for TPM Users for detailed instructions on how to access and complete the CCA.
- Suppliers with Expired vendor profiles will need to contact Exostar Support to obtain SM access and have the CCA assigned.
3. Maintain Current CMMC Status in SPRS and Exostar SM
Ensure that you maintain current annual affirmations of continuous compliance, and that your last assessment date is within required timeframes.
- Upon status expiry, update/renew your CMMC status in SPRS
- Update your CCA in Exostar to provide the updated status to Lockheed Martin.
Your proactive cooperation is essential to maintaining the security of the Defense Industrial Base and guaranteeing uninterrupted business operations with Lockheed Martin. Please allocate the necessary resources promptly to ensure your company is prepared.
Thank you for your continued partnership and dedication to cybersecurity excellence. For questions, please contact us.