Exostar, a leader in trusted, secure business collaboration and NIST 800-171 and CMMC solutions for the aerospace and defense industry, today announced that The Exostar Platform’s Onboarding Module now supports the Cybersecurity Compliance and Risk Assessment (CCRA).
Prime contractors throughout the Defense Industrial Base (DIB) have begun to use the CCRA to gather cybersecurity information from the companies throughout their global, multi-tiered supply chains to assess compliance, understand and manage risk, and evaluate partnerships.
The CCRA provides a standardized, consistent means for collecting cybersecurity compliance data and calculating supplier risk. It contains a maximum of 60 questions, including inquiries about a subset of controls drawn from the National Institute of Standards and Technology Special Publication 800-171 (NIST 800-171).
The CCRA replaces the often proprietary, inconsistent, and outdated questionnaires that prime and upstream contractors have used to capture this type of information from their downstream suppliers. Suppliers benefit because they complete the CCRA once and share it with all companies that accept it on a reciprocal basis.
The Exostar Platform’s Onboarding Module, which provides supplier visibility and risk management functionality throughout the relationship life cycle, automates the completion and sharing of the CCRA, adding even greater value. DIB companies no longer need to download and navigate a macro-enabled Excel file to respond to the CCRA and upload a comma-separated value file to export the results.
The Onboarding Module delivers a compelling user experience that makes it easy to answer all relevant CCRA questions and forward the output to any organization belonging to Exostar’s community, which comprises more than half of all DIB businesses.
Lockheed Martin will rely on the Onboarding Module to help its suppliers transition to the CCRA. As the company states on its web site, “For LM suppliers, the CCRA will significantly reduce the burden and time it takes to complete over the legacy CSQ and NIST Questionnaire. The web-based CCRA will be implemented on Exostar’s Onboarding Module (OBM) and suppliers will be asked to migrate to the CCRA starting 1st Quarter 2024.”
“Although the CCRA doesn’t replace any Department of Defense cybersecurity requirements, its alignment with portions of NIST 800-171 moves companies closer to compliance with that standard and the forthcoming Cybersecurity Maturity Model Certification while simultaneously illuminating supplier risk for primes,” said Vijay Takanti, Exostar’s Senior Vice President of Innovation. “Now, all DIB companies can leverage The Exostar Platform’s Onboarding Module to accelerate CCRA adoption.”
The DIB Sector Coordinating Council’s Supply Chain Cybersecurity Task Force created the CCRA Working Group to develop the CCRA as a common set of security requirements integrated into a single concise format to measure both risk and compliance.
Working Group members include Lockheed Martin, RTX, L3Harris, Northrop Grumman, Leidos, Huntington Ingalls Industries, Boeing, BAE Systems, and Rolls-Royce.
The National Defense Information Sharing and Analysis Center, the operational and administrative arm of the DIB Sector Coordinating Council, offers more information about the CCRA on its CyberAssist web site.