With supply chain networks particularly at risk, RTX aims to establish a protected supply chain ecosystem with infrastructure that supports secure collaboration across the supply base. Outdated security systems render companies vulnerable to data breaches and information compromises that could have detrimental effects throughout the supply chain, for our customers, the aerospace and defense industry, and national security. We are steadfast in our commitment to working with our suppliers to keep sensitive information safe, secure and out of the hands of those who would use it to endanger global security.

RTX reminds its suppliers to take appropriate steps to protect RTX information in their possession, and to report cyber incidents in a timely manner and in accordance with existing obligations.

Cybersecurity
Top 10 Best Practices

RTX Supplier Cyber Requirements (Applicable to All Suppliers)

RTX Standard Terms & Conditions

 

Security for RTX, including Third Party, Information

Overview of elements:

  • Suppliers must
    • develop, implement, maintain, monitor, and update a written security program
    • install and implement security hardware and software designed to:
      • protect the integrity of Supplier's network, products, and RTX information
      • guard against security incidents
      • demonstrate compliance to generally accepted cyber frameworks
    • restrict access to RTX information to authorized employees and authorized 3rd parties
    • use standard encryption methods
    • support RTX in investigating cyber incidents

 

Flow down of U.S. Government Contract Clauses

DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

Suppliers supporting DoD contracts and handling CDI must:

  • Provide adequate security on information systems
  • Rapidly report cyber incidents
  • Flow down requirements to subcontractors

DFARS 252.204-7020 NIST SP 800-171 DoD Assessment Requirements

Applies if suppliers are required to implement NIST SP 800-171 pursuant to DFARS 252.204-7012 for handling CDI. Prior to award, the supplier must have:

  1. Completed at least Basic Assessment within the last three years for all covered contractor information systems
  2. Submitted its summary level scores into the Supplier Performance Risk System (SPRS) or via encrypted email to [email protected] for posting to the SPRS

 

Cybersecurity Maturity Model Certification 2.0

The DoD CIO has published an initial draft of the new CMMC 2.0 ruling. Suppliers are encouraged to stay up to date with the latest CMMC 2.0 information. At this time, all suppliers are encouraged to review their latest NIST 800-171 self-assessments and begin to close any open POAMs over the coming months.

Frequently Asked Questions