Issue link: https://read.uberflip.com/i/1368361
WHITE PAPER Mercury Assured: Trust mrcy.com 3 STRATEGY Security as a Culture Defense in Layers Cloud-Secure IP Segmentation COMPLIANCE FAR 52.204-21 DFARS 252.204-7012 NIST SP800-171 CMMC Preparation CYBERSECURITY mrcy.com 3 DIGITAL TRANSFORMATION Our Digital Transformation for Engineering is a coordinated change effort at scale that involves a transition to a Development-Security-Operations (DevSecOps) approach in appropriate engineering disciplines. DevSecOps unifies security with development and operations to incorporate automated testing and security as part of our standard product development process. By testing for security compliance with every product build, we identify and resolve security issues so that they do not propagate into final versions of our products. INSIDER TRUST Our Insider Trust effort codifies our commitment to deter and detect intentional and unintentional activities by partners and employees that pose a security threat to Mercury and our customers. This measure uses risk indicators to capture, track and predict behavior that could represent a threat. To minimize the risk of insider theft, Mercury houses and stores restricted hardware and software on an isolated network where data and material access is limited in both its entirety and on a phase-by- phase basis throughout the product design process. Through employee and manager training on potential threat indicators, established reporting and review practices, we are taking appropriate steps to protect not only the classified information which we've been entrusted with but also our trade secrets and proprietary information as well as those of our customers from being compromised. Additionally, Mercury has been awarded the James S. Cogswell Outstanding Industrial Security Achievement Award by the Defense Counterintelligence and Security Agency (DCSA) four times for industrial security excellence in establishing and maintaining security standards beyond the requirements set by the National Industrial Security Program (NISP). Our facilities that participate in the NISP are assessed by the DCSA regularly and continuously receive superior ratings, the highest that can be issued. A baseline security program centralizes access control and monitoring across all locations to correlate incidents and enable remote management. Supporting elements across the five domains of Deliver Uncompromised DIGITAL TRANSFORMATION MANUFACTURING 2 / 2.5 / 3D Class 1000 Clean Rooms CAPABILITIES RF & Digital at Chip Scale Commercial Partnerships Built-In Security MANAGEMENT Supply Chain Verification Compliant Suppliers CERTIFICATIONS DMEA Accredited ISO 9001 Certified IPC 1791 Certified AS5553 & AS9100D Certified PEOPLE Background Checks Cleared Workforce U.S. Persons SITES DCSA Superior Ratings Approved Secure Areas James S. Cogswell Award TOOLS Continuous Security OnePLM Model Based Engineering PROCESS & ARCHITECTURE DevSecOps Agile Principles Cloud-Native-Architecture Digital-Thread INSIDER TRUST INSIDER TRUST CYBERSECURITY SUPPLY CHAIN MANAGEMENT SUPPLY CHAIN MANAGEMENT TRUSTED MICROELECTRONICS Deliver Uncompromised DIGITAL TRANSFORMATION TRUSTED MICROELECTRONICS

