With supply chain networks particularly at risk, RTX aims to establish a protected supply chain ecosystem with infrastructure that supports secure collaboration across the supply base. Outdated security systems render companies vulnerable to data breaches and information compromises that could have detrimental effects throughout the supply chain, for our customers, the aerospace and defense industry, and national security. We are steadfast in our commitment to working with our suppliers to keep sensitive information safe, secure and out of the hands of those who would use it to endanger global security.

RTX reminds its suppliers to take appropriate steps to protect RTX information in its possession, and to report cyber incidents in accordance with existing obligations and in a timely manner.

Supplier Incident Reporting

 All suppliers who discover a cyber incident, or suspect a cyber incident may have occurred must report it to RTX

  • If you need to report a data incident involving RTX personal information, please email [email protected].
  • Suppliers who support U.S. Department of Defense (DoD) contracts must first report any suspected cyber incident to https://dibnet.dod.mil in accordance with the version of the DFARS clause flowed on their purchase order and then as soon as practicable to RTX at [email protected].


Build Awareness + Reduce Risk

Cybersecurity Resources

In partnership with leaders from across RTX and the DIB (Defense Industrial Base) Community, we have created the Top 10 Cyber Best Practices guidebook. This resource highlights steps you and your team can take today to reduce risk while providing awareness on available resources to promote resiliency.

The identified top Cyber Best Practices are applicable to any industry and are a starting point on steps you can take to help reduce risk. Each slide briefly describes the best practices, phased actions to take, and some available resources or services to support this best practice. This list is not inclusive of all resources and services available.

Check back for additional updates and resources.

A security architect working on cybersecurity.

Top 10 Best Practices

Learn more

RTX Supplier Cyber Requirements (Applicable to All Suppliers)

RTX Standard Terms & Conditions


Security for RTX, including Third Party, Information

Overview of elements:

  1. Suppliers must develop, implement, maintain, monitor, and update a written security program
  2. Install and implement security hardware and software designed to:
  • protect the integrity of Supplier's network, products, and RTX information
  • guard against security incidents
  • demonstrate compliance to generally accepted cyber frameworks
  1. Restrict access to RTX information to authorized employees and authorized 3rd parties
  2. Use standard encryption methods
  3. Support RTX in investigating cyber incidents


Flow down of U.S. Government Contract Clauses

DFARS 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting.

Suppliers supporting DoD contracts and handing CDI must:

DFARS 252.204-7020 NIST SP 800-171 DoD Assessment Requirements

Applies if suppliers are required to implement NIST SP 800-171 pursuant to DFARS 252.204-7012 for handling CDI/ Prior to award, supplier must have:

  1. Completed at least Basic Assessment within the last three years for all covered contractor information systems
  2. Submitted its summary level scores into the Supplier Performance Risk Systems (SPRS) or via encrypted email to [email protected] for posting to the SPRS


Cybersecurity Maturity Model Certification 2.0

The DoD CIO has published an initial draft of the new CMMC 2.0 ruling. Suppliers are encouraged to stay up to date with the latest CMMC 2.0 information here. At this time all suppliers are encouraged to review their latest NIST 800-171 self-assessments and begin to close any open POAM’s over the coming months.

Frequently Asked Questions