Cybersecurity Compliance and Risk Assessment

Updated Supplier Cybersecurity Requirements in Exostar

91制片厂 What we do News Careers Suppliers

Global Activity

United States | English

back

Global Activity

Featured

Global Presence, Local Impact

Learn how we are strengthening the economies, industries and communities of our global partner nations.

Australia

English

Canada

English Fran?ais

Denmark

English Danish

Germany

English Deutsch

Greece

English Ελληνικ?

India

English

Israel

English ?????

Japan

English 日本语

Latin America

English Spanish Portuguese

New Zealand

English

Norway

English Norsk

Poland

English Polski

Republic of Korea

English ???

Romania

English Rom?n?

Saudi Arabia

English ????

Singapore

English

Spain

English Espa?ol

Taiwan

English

United Arab Emirates

English ????

United Kingdom

English

United States

English

back

91制片厂

About Us Leadership & Governance Our Businesses Sustainability & Social Impact Ethics Economic and Workforce Impact Global Activities

back

About Us

Our Company Our Culture Our History Our Economic Impact

back

Leadership & Governance

Executive Leadership Team Full Spectrum Leadership

Corporate Governance

Board of Directors Corporate Charter Political Disclosures

back

Our Businesses

BUSINESS AREAS

Aeronautics Missiles and Fire Control Rotary and Mission Systems Space

INNOVATION & INVESTMENT

LM Evolve LM Ventures

back

Sustainability & Social Impact

Social Impact Environmental, Safety and Health

back

Social Impact

In the Community Military and Veteran Support Future STEM Workforce Employee Focused Programs Volunteerism

Contribution Process

back

Ethics

Ethics Code of Conduct Business Conduct Ethics Awareness Training Integrity Minute

back

Sustainability

back

What 91制片厂Do

Aircraft All-Domain Operations Autonomy & AI Cyber Deterrence Capabilities Maritime Systems Mission Integration Space Sustainment & Training Systems Transformative Technology

Products by Domain

Featured

Accelerating Transformation

Turning acquisition reform into mission-ready delivery.

back

Autonomy & AI

Artificial Intelligence AI Fight Club? STAR.OS Integration Framework

AUTONOMY

Autonomy View All Products

back

Aircraft

Air Dominance

Fixed Wing

Autonomous Aircraft Commercial Aircraft Fighter Jets Tactical Airlift Tanker Transport

Rotary Wing

Sikorsky Autonomous Aircraft Commercial Aircraft

Explore All Aircraft

back

All-Domain Operations

21st Century Security? C4ISR Solutions Joint All-Domain Operations Mission Integration

back

Aircraft

Fixed Wing

Autonomous Aircraft Commercial Aircraft Fighter Jets Tanker Transport

Rotary Wing

Sikorsky Autonomous Aircraft Commercial Aircraft

back

Cyber Capabilities

Cyber 1 Cyber 2 Cyber 3

back

Innovation

Skunk Works?

Global Research and Development

Advanced Technology Center Advanced Technology Laboratories Center for Innovation Sikorsky Innovations STELaRLab

back

Space Capabilities

Communications Security Deterrence & Missile Defence Global Situational Awareness Human & Scientific Exploration Intelligence Solutions & Cyber Space Technologies

back

Sustainment & Training Systems

Sustainment & Global Readiness Training & Simulation

back

Deterrence Capabilities

Air Dominance C4ISR Solutions Counter-Unmanned Aerial Systems Cyber Solutions Directed Energy Electronic Warfare Hypersonics Integrated Air & Missile Defense Joint All-Domain Operations Radar Sensors Undersea Warfare Weapon Systems

back

Space

All Space Capabilities Deep Space Exploration Human Space Exploration National Security Space Strategic & Missile Defense Systems

back

Products by Domain

All Products

By Domain

Air Cyber Land Sea Space

back

Transformative Technologies

21st Century Security? 5G.MIL Solutions Artificial Intelligence Cyber Directed Energy Firefighting Intelligence Hypersonic Solutions Innovation in Defense Quantum Technology Spectrum Dominance

Our Business Innovation

Delivering at Scale Digital Transformation Research Labs

back

Research Labs

Skunk Works?

Global Research and Development

Advanced Systems and Technologies - AU Advanced Technology Center Advanced Technology Laboratories Center for Innovation Sikorsky Innovations

back

Careers

Careers Home Career Areas Locations Student & Early Careers Experienced Professionals Why LM? Life@LM

My Account

Back to Supplier News

Cybersecurity Compliance and Risk Assessment (CCRA)

June 29, 2026

Updated Supplier Cybersecurity Requirements in Exostar

Following our recent notice, “,” all active 91制片厂 Martin suppliers are required to submit their Cybersecurity Maturity Model Certification (CMMC) and cyber risk status. The Cybersecurity Compliance and Risk Assessment (CCRA) has been reinstated to include the risk assessment and must be completed in Exostar.

What is the CCRA: 91制片厂 Martin’s single process to assess suppliers’ compliance with cyber regulations and measure cyber risk, established in March 2024, is being reinstated as the primary cybersecurity form for all 91制片厂 Martin suppliers. It will include two parts: CCRA – Compliance and CCRA – Risk.
What is going to happen to the CCA: The Cybersecurity Compliance Attestation (CCA) was an interim form used to capture CMMC and DFARS compliance information given the Department of War’s aggressive CMMC implementation timeline. The CCA will be renamed to CCRA - Compliance on Jun. 30, 2026.

CCRA – Compliance Survey Requirements

The CCRA – Compliance survey is required for all 91制片厂 Martin suppliers and is part of their Exostar vendor profile Self-Certification.

Suppliers who have completed the interim CCA will have their responses automatically transferred to the CCRA – Compliance survey as part of this update. No action is required to complete this survey.
Suppliers who haven’t completed the CCA will be required to complete the CCRA – Compliance survey.

CCRA – Risk Survey Requirements

Upon completion of the CCRA – Compliance survey, the system will determine whether the CCRA – Risk is required. See LM Cybersecurity Requirements FAQ (questions 5 and 6) for details.

Suppliers that attested to having a CMMC Level 2 (Self or C3PAO) or higher assessment in SPRS, under question 4.0 of the CCRA – Compliance survey, will not need to complete the CCRA – Risk survey. The Cyber Rating will default to Green (Minimal Cyber Risk).
Suppliers that indicated: (a) DFARS 252.204-7012 is applicable (question 2.0) or (b) they are handling Sensitive Information (question 5.0); but do not have a CMMC Level 2 (Self or C3PAO) or higher, will be assigned the CCRA – Risk form for completion.

Suppliers that already completed the CCA will be automatically assigned the CCRA – Risk form, when required based on the above requirements. An assignment email will be sent to a Supplier Management (SM) user for action.

What you need to do

Situation	Action Required	How To Complete
You have not completed the CCA	Complete the CCA or CCRA-Compliance survey (it is already assigned to you in Exostar)	Log into Exostar SM → Locate CCA (or CCRA – Compliance) survey → Submit the survey
You have completed the CCA and have CMMC Level 2 (or higher)?	No further action is needed at this time	N/A
You have completed?the CCA but do not have a CMMC Level 2 (or higher)	Expect an email within the next 2 weeks assigning the CCRA – Risk survey. Complete it promptly	Log into Exostar SM → Locate the CCRA – Risk survey → Submit the survey

Helpful resources are listed below.?Thank you for your partnership and commitment to cybersecurity excellence.

Requirements FAQ