Data Systems & Solutions, LLC
Cybersecurity Compliance Requirements for Suppliers
Pages
2
Time to read
2 mins
Publication
Language
English
This document is a guide detailing the cybersecurity compliance requirements for suppliers working with Rolls-Royce on U.S. Department of Defense (DoD) contracts. It outlines the necessity for suppliers to adhere to the Rolls-Royce Supplier Minimum Cyber Security Standard and comply with NIST Special Publication 800-171, which mandates the protection of unclassified information. Suppliers are required to perform a scored self-assessment and submit their assessment score to the DoD through the Supplier Performance Risk System (SPRS). The document also specifies compliance with Defense Federal Acquisition Regulation Supplement (DFARS) requirements, including key clauses that govern the safeguarding of Covered Defense Information and cyber incident reporting. It emphasizes the importance of timely self-assessments, registration in SAM.gov, and the submission of scores against CAGE codes. Additional information regarding exceptions and supplier communication is also provided.