CYBERSECURITY FOR SUPPLIERS
The need for Cybersecurity throughout our supply chain.
The threats facing industry’s ability to adequately safeguard its critical infrastructure are escalating dramatically. Hacking tools that require little or no skill to execute are increasingly available online, lowering the barrier to entry for bad actors and increasing their capabilities. Cybersecurity attacks are complex and often go undetected.
Additionally, DoD policy states that “cybersecurity be fully considered and implemented in all aspects of acquisition programs across the life cycle and responsibility for cybersecurity extends to all members of the acquisition workforce.”
General Dynamics Ordnance and Tactical Systems is committed to a proactive and compliant cybersecurity approach to safeguarding our networks, information, and systems. Below are resources for our suppliers on federal regulations and how to report cybersecurity incidents.
Federal Acquisition Regulation (FARS)
This clause is applicable to all solicitations and contracts when a contractor or subcontractor at any tier may have federal contract information residing in or transiting through its information systems, including commercial items other than commercially available off-the-shelf items (COTS).
Defense Federal Acquisition Regulation (DFARS)
The Defense Federal Acquisition Regulation Supplement is a set of restrictions for the origination of raw materials intended to protect the US defense industry from the vulnerabilities of being overly dependent on foreign sources of supply.
Flow Down Clauses for Suppliers
The applicable flow-down clauses are included in General Dynamics Ordnance and Tactical Systems terms and conditions for its suppliers. The standard terms and conditions are available at the following link: https://www.gd-ots.com/suppliers/quality-clauses/
Reporting a Cybersecurity Incident
In accordance with DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting, subcontractors, including vendors and consultants, are required to rapidly report cyber incidents within 72 hours of discovery.
Achieving Cybersecurity Compliance – Other Helpful Cybersecurity References:
National Institute of Standards and Technology (NIST)
Supplier Performance Risk System (SPRS)
Cybersecurity Maturity Model Certification (CMMC)
Small and Medium Businesses (SMB)
Delivering The Best To The Best®
General Dynamics Ordnance and Tactical Systems is a global aerospace and defense company. We are committed to providing the U.S. military and its allies with an extensive range of overarching products that provide a cutting-edge advantage to our war fighters. A General Dynamics Company.
100 Carillon Parkway
St. Petersburg, FL 33716
Main Number: (727) 578-8100