TPM Cyber Security

Need access to OBM and the CCRA?
Lockheed Martin has transitioned to the new Cybersecurity Compliance and Risk Assessment (CCRA) hosted on Exostar’s Onboarding Module (OBM). Suppliers that have not been system-migrated or invited to complete the new questionnaire can still gain access to the OBM application and the CCRA survey by resubmitting their “Certifications and Representations” (Step 7 below) on the Self-Certification section of their TPM vendor profile. Upon recertification, it may take up to 45 minutes for the system to provision access to OBM and the CCRA. If you are unable to access OBM after certifying (1) to Applicability of Cyber DFARS or Yes to Handling Sensitive Information, please contact the Exostar Help Desk.
 
The completion of the CCRA Questionnaire is required annually. Please follow the instructions below to determine if your organization must complete the CCRA questionnaire.

Please see the TPM OBM Guide for detailed instructions on how to access and complete the CCRA.

IMPORTANT! You MUST use a PC and Google Chrome to access the Onboarding Module application.

Edit TPM Profile

Organization Administrators make changes to your company’s TPM profile including accessing the Cybersecurity Compliance and Risk Assessment (CCRA) questionnaire by following the steps below:

1. Log into your Managed Access Gateway (MAG) account with your multi-factor security credential (e.g. Phone OTP, DoD CAC, etc).

NOTE: To access OBM, you must be logged in with multi-factor credentials.

2. From the My Account tab, select View In Trading Partner Management (TPM) link next to the Organization Name. After clicking the View In Trading Partner Management (TPM)  link, you are presented with a notification. 

3. Click Continue to access your organization’s TPM profile then from the left hand navigation menu, select Self Certification.  

4. Scroll down to the Cyber Security section. Review the information provided.

5. Under the Applicability of Cyber DFARS and NIST SP 800-171 section, review the question and select the applicable radio button for the answer.

IMPORTANT: Carefully review this section and select the appropriate answer.

If you select (1) Seller asserts that DFARS 252.204-7012 applies. (By so asserting, Seller is required to complete the Exostar Cybersecurity Compliance and Risk Assessment (CCRA) questionnaire and confirm assessment score in US DoD’s Supplier Performance Risk System (SPRS).

Selecting options 2(a), 2(b), or (2c), asserting that DFARS 252.204-7012 and Covered Defense Information / Controlled Unclassified Information does not apply, will not prompt you to complete the CCRA questionnaire.

6. Under the Handling Sensitive Information section, the question will automatically be set to Yes if the Applicability of Cyber DFARS and NIST SP 800-171 question is (1). Otherwise, you need to assert whether you are receiving any Sensitive Information from Lockheed Martin.

NOTE: Once you answer both questions, you can begin the Cybersecurity Compliance Risk Assessment (CCRA) Questionnaire by selecting the highlighted link under either section.

IMPORTANT: If you answer (1) on the DFARS applicability section or Yes to the handling Sensitive Information question, the CCRA form is automatically assigned to you.

7. Once all required sections are complete, click Submit Certifications and Representations

NOTE: A confirmation message displays, and self-certification dates and user information displays below the message. The completed certification and representation are valid for one year from submission. The system sends your Organization Administrators annual expiration warning emails, starting 60 days in advance of the calculated expiration date. You can perform the certification and representation process at any time during the year.


Additional Resources

See the TPM Training Resources page and the OBM Training Resources page for detailed user guides.

Updated on November 21, 2024
Was this article helpful?

Related Articles