Page Contents

Jump to...


Exostar provides services to many of the Aerospace & Defense (A&D) industry’s prime/Original Equipment Manufacturer (OEM) contractors, such as BAES, Boeing, Lockheed Martin, Northrop Grumman, Raytheon, and Rolls Royce. These companies use Exostar to securely collect their suppliers’ compliance and cybersecurity self-assessments used within their vendor due diligence and contractual processes. 

This request for your organization is involved with a Missile Defense Agency (MDA) pilot initiative, tied to specific contracts that include your organization, with the objective to determine the scope of Controlled Unclassified Information (CUI) in the supply chain, and the understanding of the supply chain of the requisite DFARS 252.204-7012 requirements to protect it and to share (flow down) those requirements to your subcontractors and suppliers.

This pilot program is intended to give the MDA visibility to its full supply chain that involves CUI, without exposing your suppliers to other buyer/supplier organizations in the supply chain.  Organizations in this pilot system can only view their buyer in a contract, and their direct suppliers with whom they are sharing CUI. It is important to note the DFARS 252 CT is the only form required for this program.

The MDA Pilot Program utilizes Partner Information Manager (PIM)a risk management tool that leverages information from trusted sources to provide a partner (buyer) with a supplier’s current and potential risk and impact. PIM is used behind Exostar's Managed Access Gateway (MAG). To access PIM, Phone One Time Password (OTP) without Proofing is required and is sponsored, so you do not incur a charge. Please see the MDA Pilot Program - Registration page for additional information.

Please see the PIM FAQs page for additional information and please see the Videos - MDA Pilot Program page for video instruction on completing registration, first-time login, sponsored credentialing, as well as accessing PIM and locating the Contracts form.

CUI Requirements

All Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum security standards by December 31, 2017 or risk losing their DoD contracts.

DFARS Safeguarding rules and clauses, for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. DFARS provides a set of “basic” security controls for contractor information systems upon which this information resides. These security controls must be implemented at both the contractor and subcontractor levels based on the information security guidance in NIST Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations.” For more information regarding this requirement please visit DFARS Cybersecurity Requirements.

Click the arrows below to read further about the overall process and form resources.


Please select the image to enlarge:



News and

Stay tuned...