Exostar provides the following services and applications to Leidos:
- Managed Access Gateway (MAG): Exostar's MAG is a secure identity and access management cloud service for the Aerospace & Defense industries. With MAG, organizations enjoy benefits like account management, web-based single sign-on user access, and a single place to connect to partner applications.
- Enterprise Access Gateway (EAG): EAG is an Exostar service that allows users to access MAG and any applications and services accessible through the platform, using their company-issued credentials. EAG must be enabled at the organization level, and is typically implemented across an entire organization. Users should look for notification from their organizations to begin using EAG.
- ForumPass Defense: Exostar partnered with Seclore to create the ForumPass Defense application in order to comply with the NIST 800-171 requirements. While maintaining many of the features and functionality available in the standard ForumPass application, ForumPass Defense provides a secure, multi-factor authenticated environment, in the United States, and incorporates the Digital Rights Management (DRM) functionality to protect documents inside and outside of the environment. Digital Rights Management (DRM) adds a layer of security at the document level which protects document content from unauthorized access. DRM-protected documents are watermarked with the user’s name and the date/time the file is opened, and access and functionality in a DRM library is controlled by the ForumPass Permission groups. For additional information on ForumPass, please see the ForumPass Self-Help page.
- Partner Information Manager (PIM): Exostar’s Partner Information Manager (PIM) is a risk management tool that leverages information from trusted sources to provide a partner (buyer) with a supplier’s current and potential risk and impact. PIM allows a company to complete a questionnaire (Cybersecurity Questionnaire or NIST SP 800-171) once for the partner organization, and then later share, with the company’s approval, the same results with other contractors using the company’s products and services. This ask once and share model reduces the burden of completing multiple questionnaires. Additionally, PIM provides contractors with a consistent set of minimum cyber security expectations for suppliers.
In order to access Exostar's applications, you must obtain a Phone One Time Password without Proofing credential. For step-by-step instructions on completing the Phone OTP process, please see the Leidos Credentialing page.
Click the arrows below to read further about the overall MAG, EAG, ForumPass Defense, and PIM processes, as well as the application benefits.
Please select the image to enlarge:
ForumPass Defense Workflow
Exostar's Managed Access Gateway (MAG) reduces the time and expense of establishing and maintaining external user accounts. It allows application owners to connect once and provide access to all validated external parties and users. Many of your business partners are likely already part of our large user community of Aerospace & Defense partners/suppliers with Exostar MAG (A&D) credentials, so you will be able to do business faster. Exostar’s MAG Platform will ensure that you have all necessary tools for secure and intelligent collaboration. With MAG, your company will enjoy the following benefits:
- A cloud-based, turnkey solution
- Ability to easily manage internal and external application users
- Strong authentication procedures for verifying user identities
- Simple and secure access to applications and data
- Streamlined communication across company divides
- Ability to protect collaborative spaces with additional security credentials
- Compliant with security regulations
- Desktop and mobile access
With single sign-on, users can access customer organization applications behind Managed Access Gateway (MAG) using their corporate credentials eliminating the need for users to remember multiple passwords.
If accessing applications that require two-factor (2FA) credentials, users can use their EAG connected credentials and do not need to purchase or renew additional credentials as long their company meets SP 800-63 LOA3 (IAL2/AAL2) requirements.
ForumPass Defense Benefits
- Office Integration Features, including document edit function that does not require local document downloads.
- Outlook Integration Features allowing users to combine SharePoint and Outlook Calendars.
- Search Refinement Panel that allows you to quickly narrow results of your search and find the right content faster.
Collaborative Work Environment:
- Team Sites provide a centralized location for a defined group of users to share documents, have conversations, view and assign tasks, view project timelines, create and maintain a centralized calendar, and view recent team activity.
- Community Sites provide a community experience in the ForumPass environment to categorize and cultivate discussions among a broad group of people across groups in an organization. Communities promote open communication and information exchange by enabling people to share their expertise and seek help from others who have knowledge in specific areas of interest.
Security and Data Controls:
- Database encryption providing additional protection for all system data.
- Continuation of the End-to-End (E2E) Encryption service for Sensitive and Restricted sites.
- Continued support for Federated Identity.
- Single sign on (SSO) for Exostar applications through Exostar’s Identity and Access Management Platform (formerly known as MAG).
- Acceptance of CertiPath compliant identities allowing users to leverage their company or government-issued credentials.
The National Institute of Standards and Technology (NIST) has strengthened language to position its cybersecurity controls as prescriptive rather than voluntary. The Office of Management and Budget (OMB) and Department of Defense (DoD) are reinforcing the message by incorporating these controls into Federal Acquisition Regulation (FAR) and Defense FAR (DFAR) policies, making them a contractual requirement for organizations wishing to do business with the Federal Government.
The DFAR even accounts for Covered Defense Information (CDI), stating that prime contractors are responsible for ensuring all their suppliers meet CDI requirements for information protection against cyber threats.
The heart of the PIM platform is a powerful engine that propels ongoing information gathering, analysis, and display features including:
- Pre-built questionnaires
- Integration to leading data providers
- Email and portal templates
- Workflow and approval processes
- Role-based dashboards
Exostar Customer Support cannot assist with responses to PIM forms, but can address PIM functionality.
- Cybersecurity Compliance Risk Assessment
- Center for Internet Security Information on Critical Security Controls
- Control Activity to Capability Level Matrix
- Process FAQ for Suppliers
- CSQ Blank Form