Exostar Glossary Terms

0-9

Activation: Process of registering a credential to a specific user account / user ID.

Adoption: Process where our partners and other selected large companies can invite their partners to MAG application.

Adoption Administrator: Adoption Administrators is only available to Partner companies. Adoption Admins are responsible for inviting suppliers to use MAG and subscribing them to their partner’s applications.

Application: Is a web-based solution that a user or administrator can access specific Buyer applications through Exostar’s Managed Access Gateway or Secure Access Manager. (Some applications are specific to the Buyer and link to the Buyer’s specific web portal).

Application Administrator: Can only manage requests for applications they are administering, and they are responsible for approving or denying access to that specific application. App Admins can only manage users, accept terms & conditions for the specific applications they administer.

Authentication: Process of verifying the identity of a person or device (i.e. entering password or answering security questions to reset your password).

Authy™: The Exostar Mobile ID service sits on top of the Authy mobile app. Authy uses two-factor authentication, for quick and convenient access.

B2B Integrations: Is a solution for high volume suppliers where buyers and suppliers can seamlessly exchange information via EDI or other file formats such as XCBL and Flat File.

Basic Level of Assurance (BLOA): BLOA Software/Digital certificate; lower credential strength; does not require in-person proofing and may be stored on the user’s computer.

Binding: Process of associating a hardware token with a single Exostar account and User ID.

Buyer: Is someone who is a part of a company that is inviting a supplier (a company that provides goods or services) to use an application. A buyer determines the level of two-factor authentication (2FA) that is required for the supplier.

Certification Assistant: Is a SaaS-based tool used to assist DoD contractors in meeting and managing Cybersecurity Maturity Model Certification (CMMC) requirements.

Credential Strength: Level of security to verify a user’s identity in combination with password. Stronger levels include Phone OTP, Digital Certificates or Hardware Tokens which are harder to compromise.

Credentials: Credentials are used (in addition to password protection) to confirm your identity with Exostar. (Examples are: Phone One-Time Password, Hardware OTP, Exostar Mobile ID, and Medium Level of Assurance (MLOA) certificates.

Cybersecurity Maturity Model Certification (CMMC): The Cybersecurity Maturity Model Certification (CMMC) is a new requirement for existing DoD contractors, replacing the self-attestation model and moving to third-party certification. In November 2021, the Department announced “CMMC 2.0,” an updated program structure and requirements designed to achieve the primary goals of the internal review:
– Safeguard sensitive information to enable and protect the warfighter
– Dynamically enhance DIB cybersecurity to meet evolving threats
– Ensure accountability while minimizing barriers to compliance with DoD requirements
– Contribute towards instilling a collaborative culture of cybersecurity and cyber resilience
– Maintain public trust through high professional and ethical standards

EAG or 3rd Party Credentials: Acceptable 3rd Party Credentials are the NASA PIV card, DoD CAC, and Northrop Grumman OneBadge. EAG credentials are issued by your organization and registered with Exostar. You can associate your company-issued credentials by linking them with your Exostar account for application access.

Enterprise Access Gateway (EAG): Is a service that allows users to access Managed Access Gateway (MAG) and any applications and services accessible through the platform, using their company-issued credentials.

Exostar Key Management Agent™ (KMA): KMA™ is a Java based application developed by Exostar. KMA™ replaces ActiveX as your tool for downloading MLOA digital certificates on your hardware token.

Exostar’s Managed Microsoft 365: Is a solution for CMMC is geared to help organizations protect CUI and maintain DoD compliance without an outlay of huge cost.

Exostar’s Supplier Portal: Is a comprehensive solution that supports interactions with all suppliers across a range of processes including planning, logistics, quality management, procure-to-pay, supplier onboarding, supply risk assessment, vendor-managed inventory, sourcing and supplier information management

Experian Proofing: (Available only in U.S.) A credit bureau proofing process, which requires users to verify their identity by answering credit bureau-based questions.

FIS Administrator: Only has administrative privilege’s for the FIS application. The FIS Admin is responsible for approving or denying access for FIS digital certificate requests. When users request FIS certificates, the request routes to the FIS Administrator for approval.

Federated Identity Service (FIS): Is a comprehensive PKI solution that enables full lifecycle management of certificates, strong authentication practices and controlled access to applications through Exostar’s MAG platform.

First-Time Login (FTL): FTL refers to a user’s very first login into their new MAG account.

ForumPass: Is a solution based on Microsoft SharePoint 2016, which provides organizations with a secure environment for shared projects and documents collaboration.

Identity Proofing: Identity Proofing is a process used to verify a user identity before issuing secure access to the Exostar platform and applications it contains. (2 types: Video and Experian)

Identity and Access Management (IAM): Process used by companies to ensure that only authorized individuals access their secure systems. Exostar is specialized in offering IAM products and tools (MAG, SAM).

Information Manager: Is a secure supplier information portal that enables targeted collaborative information sharing between buyers and their suppliers.

Level of Assurance: Level of Assurance information is based on the NIST Special Publication 800-63 and provided as a reference only. Unless otherwise noted, the provided equivalence does not necessarily constitute adherence to an industry certification nor acceptance by a specific Exostar connected application.

License Key: Some Exostar credentials require a license key in order to activate. A license key is a unique code or token that allows the user to identify themselves as a paying customer. This license key is provided upon full payment.

Link: Process of associating multiple Exostar user IDs to one user and/or associating an enterprise user with an Exostar account and user ID.

Live Video Proofing: Process done via WebEx interview where a user shows a valid government-issued photo identification to prove your identity to Exostar’s proofing agent.

Managed Access Gateway (MAG): Is a secure identity & access management cloud service which provides web-based single sign-on user access, and a single place to connect to partner applications for the Aerospace & Defense industries.

Medium Level of Assurance (MLOA): MLOA Software certificate/ Hardware token, medium to high credential strength; does require in-person proofing required and is stored on a user’s hard drive or USB security hardware token.

Mobile ID: Mobile ID service allows users to utilize a smartphone app for generating One Time Passwords.

OTP Hardware Token: OTP Hardware Token generates a random single-use password for each logon. Used in combination with other Exostar credentials, such as user ID and password, the token reduces the risk of un-authorized access to systems and information.

Onboarding: Process of getting users and organizations up and running on the Exostar platform.

One-Time Password (OTP): OTP ensures that only authorized users have access to Exostar’s applications. 3 Types: Phone OTP, Mobile ID and Hardware Token (see additional terms below to learn more).

Organization: Any entity within the Exostar platform that can collaborate with other organizations.

Organization Administrator: Is responsible for performing activities on behalf of their organization. An organization can have a single or multiple Organization Administrators. The Org Admin is responsible for creating and managing users in your organization, approving requests, accepting terms & conditions for all applications as well as performing additional tasks.

Organization ID: Organizations registered with Exostar will have a unique Organization ID (Org ID).

Organization Steward: Organization Steward role allows a single user to exercise administrative control over groups of designated organizations. Org Stewards have the same privileges and responsibilities as Organization and Application Administrators for all applications the organizations are subscribed to.

Partner Information Manager (PIM): Is a risk management tool that leverages information from trusted sources to provide a partner (buyer) with a supplier’s current and potential risk and impact. PIM allows a company to complete a questionnaire and securely share it with their partner organization.

Password: Is a string of characters used to verify the identity of a user during the authentication process. Passwords can vary in length and can contain letters, numbers and special characters. Passwords are used in combination with usernames/User ID’s and allow a user to gain access to an application.

Phone OTP: Phone OTP allows you to register your mobile phone or LAN line phone to receive one-time passwords via text or voice. Each time you log into the Exostar platform, you will be required to enter your user ID, password, and Phone OTP code to access an application that requires the credential. Phone OTP is used in combination with your MAG user ID and password. Using this two-factor authentication (Phone OTP + username and password) reduces the risk of unauthorized access to your account and provides added security.

Provider Pass: Is a solution that enables Electronic Health Record (EHR) vendors to support Electronic Prescribing Controlled Substances (EPCS) within their e-Prescribing platform

Risk Management: Is the vertical of Exostar products, designed to mitigate cyber-risks to supply chains of companies within Aerospace & Defense.

Secure Access Manager (SAM): Is a portal that provides single sign-on service with secure registration, authentication, and account management for Lifesciences & Healthcare applications.

Secure Applications: Any application that is accessible inside the Exostar platform is considered a secure application. Based on the requirements of the application provider, a higher level of authentication may be necessary to access the application.

Secure Collaboration: Is a vertical for Exostar’s applications that securely and compliantly share business sensitive information internally and externally.

Secure Source-to-Pay: Is a hosted, Software-as-a-Service (SaaS) offering that spans across the purchase lifecycle including sourcing, contract management, supplier relationship management, procurement, payments and invoicing.

Service Provider Administrator: The SP Admin role is only available to partner companies. There are two types of SP Administrator roles: administrative and view only. The SP Administrator role with administrative permissions allows users to approve or deny access for specified partner applications, as well as to resend provisioning records. The SP Administrator role has view only permissions. Additionally, SP Administrators can run reports.

Supplier: Is a company that provides goods or services to a Buyer. Suppliers must be invited first to access the application by the Buyer. Once access is approved, the Supplier can access the application with the level of two factor authentication (2FA) required by the Buyer.

Supply Chain Management: Is a vertical for Exostar’s applications that maximize visibility and redeploy resources to critical tasks while improving your order response and fulfillment cycle times.

Supply Chain Platform (SCP): Enables visibility and control of supply chain operations and performance. The solution provides a real-time, end-to-end picture of demand planning and order management.

Trading Partner Manager (TPM): Is a solution that provides complete registration life-cycle for supplier invitation and registration. Lockheed Martin uses TPM to invite new or existing Exostar Managed Access Gateway (MAG) customer partners (suppliers) to access the Lockheed Martin Procure to Pay (LMP2P) portal.

Two-Factor Authentication (2FA): Is an extra layer of security that is known as multi-factor authentication. Types of 2FA are: One-Time Passwords sent to users’ phones, tokens, or Mobile ID app ensure that only authorized users can login.

User: Is a basic role that has access to application(s) and does not have any administrative privileges for their organization’s account.

User ID: Is a unique alpha-numeric name assigned to a user who is registered with the Exostar platform. It is required in conjunction with a user password in order to access the platform.

Updated on January 24, 2023

Tagged: Glossary Terms & Definitions

Was this article helpful?

Yes No