Partner Information Manager (PIM)
The National Institute of Standards and Technology (NIST) has strengthened language to position its cybersecurity controls as prescriptive rather than voluntary. The Office of Management and Budget (OMB) and Department of Defense (DoD) are reinforcing the message by incorporating these controls into Federal Acquisition Regulation (FAR) and Defense FAR (DFAR) policies, making them a contractual requirement for organizations wishing to do business with the Federal Government.
The DFAR even accounts for Covered Defense Information (CDI), stating that prime contractors are responsible for ensuring all their suppliers meet CDI requirements for information protection against cyber threats.
The heart of the PIM platform is a powerful engine that propels ongoing information gathering, analysis, and display features including:
- Pre-built questionnaires
- Integration to leading data providers
- Email and portal templates
- Workflow and approval processes
- Role-based dashboards
Roles and Responsibilities
- Buyer: Someone who is a part of a company that is inviting a supplier (a company that provides goods or services) to use PIM.
Standard User: Can view their Supplier forms, run reports, download Supplier feedback reports, download blank forms, and search for Supplier partners.
Application Administrator: Can view Supplier forms, run reports, download Supplier feedback reports, download blank forms, search for Supplier partners, create/ manage groups of Suppliers, manage their PIM Buyer user roles, and deactivate/ activate their Buyer PIM users.
- Supplier: Provides goods or services to a buyer. The supplier can access PIM after receiving an invitation from the buyer to complete a questionnaire.
- Standard User: Can view their organization forms, download feedback reports, download blank forms, complete & submit forms assigned to them by an Application Administrator, and view form scores.
- Application Administrator: Can accept/ deny form sharing requests, assign forms to Supplier users, view their organization forms, download feedback reports, download blank forms, manage Supplier user roles, deactivate/ activate their Supplier PIM users, and submit requests to opt – out of form sharing.
Exostar Customer Support cannot assist with responses to PIM forms, but can address PIM functionality.
- Cybersecurity Compliance Risk Assessment
- Center for Internet Security Information on Critical Security Controls
- Control Activity to Capability Level Matrix
- Process FAQ for Suppliers
- CSQ Blank Form
NIST SP 800-171: