Aerojet Rocketdyne (AR) takes the protection of information seriously. Some contracts are subject to information security obligations to the Department of Defense and NASA.

This page provides important resources for our suppliers to be able to comply with cybersecurity requirements of the Agreements and Purchase Orders they receive. AR incorporates cybersecurity requirements in its General Provisions, Supplemental Government Terms and Conditions, and the Annual Business Certification (ABC). Links to resources are provided below.

Cybersecurity Maturity Model Certification (CMMC)

  • What is CMMC? CMMC is the DoD process beginning in late 2020 in which independent third-party auditors trained and accredited by the DoD will assess its suppliers’ compliance to DoD Federal Acquisition Registration (FAR) Supplement (DFARS) 252.204-7012 and NIST SP 800-171.
  • How does CMMC work? Accredited CMMC auditors will review all DoD suppliers and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats. The third-party cybersecurity assessments should result in supplier certifications ranging from 1 (lower – basic cyber hygiene) to 3 (for suppliers that access Controlled Unclassified Information (CUI)), or 5 (highest – most advanced compliance).
  • What is the Impact to Suppliers? Government solicitations will specify the CMMC level required for prime contractors and subcontractors at all tiers of the supply chain. As the CMMC program continues to mature over the next few years, eventually all suppliers to Aerojet Rocketdyne under DoD programs will require CMMC to the appropriate level to participate on DoD programs.

Please learn about the CMMC program and be cybersecurity compliant to meet AR’s expectations for its suppliers. AR believes the resources provided below will be helpful.

Supplier Resources