Exostar’s Partner Information Manager (PIM) is a risk management tool that leverages information from trusted sources to provide a partner (buyer) with a supplier’s current and potential risk and impact. PIM allows a company to complete a questionnaire (Cybersecurity Questionnaire or NIST SP 800-171) once for the partner organization, and then later share, with the company’s approval, the same results with other contractors using the company’s products and services. This ask-once-and-share model reduces the burden of completing multiple questionnaires. Additionally, PIM provides contractors with a consistent set of minimum cybersecurity expectations for suppliers.
If your company was invited to use PIM and complete a questionnaire, there is no fee to use the application. Please see the Form Resources page and PIM FAQ page for additional information. If your company is ready to explore PIM and would like to start assessing the companies it does business with, please see the additional resources below.
The chart below offers an overview of the steps required to set up your company's access to the PIM solution.
The National Institute of Standards and Technology (NIST) has strengthened language to position its cybersecurity controls as prescriptive rather than voluntary. The Office of Management and Budget (OMB) and Department of Defense (DoD) are reinforcing the message by incorporating these controls into Federal Acquisition Regulation (FAR) and Defense FAR (DFAR) policies, making them a contractual requirement for organizations wishing to do business with the Federal Government.
The DFAR even accounts for Covered Defense Information (CDI), stating that prime contractors are responsible for ensuring all their suppliers meet CDI requirements for information protection against cyber threats.
The heart of the PIM platform is a powerful engine that propels ongoing information gathering, analysis, and display features including:
- Pre-built questionnaires
- Integration to leading data providers
- Email and portal templates
- Workflow and approval processes
- Role-based dashboards
Roles and Responsibilities
Buyer: Someone who is a part of a company that is inviting a supplier (a company that provides goods or services) to use PIM.
- Standard User: Can view their Supplier forms, run reports, download Supplier feedback reports, download blank forms, and search for Supplier partners.
- Application Administrator: Can view Supplier forms, run reports, download Supplier feedback reports, download blank forms, search for Supplier partners, create/manage groups of Suppliers, manage their PIM Buyer user roles, and deactivate/activate their Buyer PIM users.
Supplier: Provides goods or services to a buyer. The supplier can access PIM after receiving an invitation from the buyer to complete a questionnaire.
- Standard User: Can view their organization forms, download feedback reports, download blank forms, complete & submit forms assigned to them by an Application Administrator, and view form scores.
- Application Administrator: Can accept/deny form sharing requests, assign forms to Supplier users, view their organization forms, download feedback reports, download blank forms, manage Supplier user roles, deactivate/activate their Supplier PIM users, and submit requests to opt out of form sharing.
Any MAG user can be assigned the PIM Application Administrator role in MAG. To see who performs this role in your company, follow the path below to navigate to the list of your company’s Application Administrators: My Account tab > View Organization Details > see section titled Application Administrators.
Please note the individual performing the role of an Organization Administrator within your company is responsible for handling all tasks related to assigning administrative roles to other team members, adding users to MAG, or granting access to applications.