Edit TPM Profile
Organization Administrators make changes to your company’s TPM profile including accessing the Cybersecurity Compliance and Risk Assessment (CCRA) questionnaire by following the steps below:
1. Log into your Managed Access Gateway (MAG) account with your multi-factor security credential (e.g. Phone OTP, DoD CAC, etc).
NOTE: To access OBM, you must be logged in with multi-factor credentials.
2. From the My Account tab, select View In Trading Partner Management (TPM) link next to the Organization Name. After clicking the View In Trading Partner Management (TPM) link, you are presented with a notification.
3. Click Continue to access your organization’s TPM profile then from the left hand navigation menu, select Self Certification.
4. Scroll down to the Cyber Security section. Review the information provided.
5. Under the Applicability of Cyber DFARS and NIST SP 800-171 section, review the question and select the applicable radio button for the answer.
IMPORTANT: Carefully review this section and select the appropriate answer.
If you select (1) Seller asserts that DFARS 252.204-7012 applies. (By so asserting, Seller is required to complete the Exostar Cybersecurity Compliance and Risk Assessment (CCRA) questionnaire and confirm assessment score in US DoD’s Supplier Performance Risk System (SPRS).
Selecting options 2(a), 2(b), or (2c), asserting that DFARS 252.204-7012 and Covered Defense Information / Controlled Unclassified Information does not apply, will not prompt you to complete the CCRA questionnaire.
6. Under the Handling Sensitive Information section, the question will automatically be set to Yes if the Applicability of Cyber DFARS and NIST SP 800-171 question is (1). Otherwise, you need to assert whether you are receiving any Sensitive Information from Lockheed Martin.
NOTE: Once you answer both questions, you can begin the Cybersecurity Compliance Risk Assessment (CCRA) Questionnaire by selecting the highlighted link under either section.
IMPORTANT: If you answer (1) on the DFARS applicability section or Yes to the handling Sensitive Information question, the CCRA form is automatically assigned to you.
7. Once all required sections are complete, click Submit Certifications and Representations.
NOTE: A confirmation message displays, and self-certification dates and user information displays below the message. The completed certification and representation are valid for one year from submission. The system sends your Organization Administrators annual expiration warning emails, starting 60 days in advance of the calculated expiration date. You can perform the certification and representation process at any time during the year.
Additional Resources
See the TPM Training Resources page and the OBM Training Resources page for detailed user guides.