51³Ô¹Ï

Document CMMC status in Exostar

51³Ô¹Ï Logo
Back to Supplier News

Document CMMC Status in Exostar

December 01, 2025

Background

Following our recent notice, ¡°¡±, all active 51³Ô¹Ï suppliers are required to submit their Cybersecurity Maturity Model Certification (CMMC) status. To address these requirements, a new form - the Cybersecurity Compliance Attestation (CCA) ¨C must be completed in Exostar.

  • What the CCA does: It records your organization¡¯s attestations on the applicability of / compliance to U.S. Government (USG) cybersecurity regulations, including your current CMMC status.?
  • When you¡¯ll receive it: Within the next few weeks, you will be sent an invitation through Exostar that includes step-by-step guidance for accessing the CCA and updating your self certifications.?
  • Why it matters: The CCA is an interim form, pending an update to our Cybersecurity Compliance and Risk Assessment (CCRA). It will be the primary source for CMMC and other compliance related attestations.?
1. Address DOD¡¯s Requirements
?
Based on the history of contracts received from 51³Ô¹Ï and the types of possible future work, active suppliers should determine their required CMMC level and document corresponding self-assessment or C3PAO assessment in DOD¡¯s SPRS system.
?
2. Provide your CMMC Status to 51³Ô¹Ï
?
As part of an organization¡¯s vendor profile self-certifications in Exostar, 51³Ô¹Ï requires all suppliers to attest regarding USG cyber regulatory applicability and their compliance with any applicable regulations. Effective with DOD¡¯s CMMC requirements, this includes documenting an organization¡¯s applicable CMMC statuses that support LM subcontract work using the Cybersecurity Compliance Attestation (CCA) in Exostar.
  • When you receive the system-generated email from Exostar (noreply@exostar.com), log into Exostar Supplier Management (SM) and complete the CCA as soon as possible to avoid business disruptions for awarding subcontracts with CMMC requirements.?
  • See for additional details on how to access and complete the Cyber Compliance Attestation.?
  • Note for organizations with previously submitted CCRA: prior submissions will be available for review only (cannot be edited).

3. Maintain Current CMMC Status

Be aware that any lapse in required CMMC status will directly impact your organization¡¯s ability to receive DOD subcontracts. Ensure that you maintain current annual affirmations of continuous compliance, and that your last assessment date is within required timeframes:

  • Level 1 ¨C FCI Only: Re-assessment (and affirmation) required each (1) year?
  • Level 2/3 Conditional ¨C CUI: Finalize within 180 days from assessment date, otherwise expires?
  • Level 2/3 Final ¨C CUI: Re-assessment required every 3 years?
  • Affirmations of Continued Compliance required annually for all CMMC Statuses?

Proactive cooperation is essential to maintaining the security of the Defense Industrial Base and guaranteeing uninterrupted business operations with Lockheed?Martin. Please allocate the necessary resources promptly to ensure your company is prepared.?Thank you for your continued partnership and dedication to cybersecurity excellence.

Contact Us