White Paper

WHITE PAPER Mercury Assured: Trust mrcy.com 4 CYBERSECURITY Our IT team continually enhances our cybersecurity infrastructure to keep pace with new and evolving threats and comply with the U.S. Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) to safeguard controlled unclassified information (CUI). We monitor our data and control data movement within our internal networks based on data type. We have established internal phishing testing programs that provide monthly metrics on employee awareness and compliance and serve as ongoing training for our employees on phishing attacks. Cybersecurity awareness is deeply embedded in our culture and goes hand-in-hand with our Engineering Digital Transformation approach. SUPPLY CHAIN MANAGEMENT Not only are we focused on managing Mercury 's internal data, but it is also equally important to manage data that is provided to our suppliers or that comes from our suppliers. As part of our efforts to manage our supply chain, we have contracted an outside agency to assess our suppliers' cybersecurity capabilities. Our vendors must ensure their IT infrastructures meet FAR 52.204-21 and DFARS 252.204- 7012 requirements, and we proactively assist non-compliant vendors in meeting this prerequisite. We are introducing a supply chain communication portal to control and restrict data that is shared with suppliers. Further, we are closely managing the number of suppliers to maintain strong controls. All these efforts help us identify risks and ensure that our suppliers are managing data appropriately. Mercury is a Defense Microelectronics Activity (DMEA) accredited "trusted supplier " and a Trusted Electronic Designer, Fabricator and Assembler with IPC-1791-certified facilities manufacturing logic components ranging from DMEA microelectronics to motherboards. Our industry- leading capabilities combined with robust, secure processes, independent auditing and scorecards, means our IPC-1791- certified facilities deliver complete supply chain traceability. TRUSTED MICROELECTRONICS Our high level of research and development (R&D) investments and industry-leading trusted and secure design and manufacturing capabilities are foundational tenets of Mercury Assured. The DoD is focused on protecting its defense electronic systems and the information within them from nefarious activities such as tampering, reverse engineering and other forms of advanced attacks, including cyber. These additional security requirements have arisen because the commercial technology sector continues to offshore more of the design, development, manufacturing and support of electronics, making it more challenging to protect against these types of vulnerabilities. These factors have led Mercury to expand our world-class sensor processing into technologies ranging from advanced secure processing subsystems to custom microelectronics devices and capabilities for other onboard critical computing applications designed, developed, manufactured and supported in the U.S. in support of the DoD's mandate to ensure both the provenance and integrity of its electronics supply chain. Supporting elements across the five domains of Deliver Uncompromised DIGITAL TRANSFORMATION MANUFACTURING 2 / 2.5 / 3D Class 1000 Clean Rooms CAPABILITIES RF & Digital at Chip Scale Commercial Partnerships Built-In Security MANAGEMENT Supply Chain Verification Compliant Suppliers CERTIFICATIONS DMEA Accredited ISO 9001 Certified IPC 1791 Certified AS5553 & AS9100D Certified PEOPLE Background Checks Cleared Workforce U.S. Persons SITES DCSA Superior Ratings Approved Secure Areas James S. Cogswell Award TOOLS Continuous Security OnePLM Model Based Engineering PROCESS & ARCHITECTURE DevSecOps Agile Principles Cloud-Native-Architecture Digital-Thread INSIDER TRUST SUPPLY CHAIN MANAGEMENT TRUSTED MICROELECTRONICS STRATEGY Security as a Culture Defense in Layers Cloud-Secure IP Segmentation COMPLIANCE FAR 52.204-21 DFARS 252.204-7012 NIST SP800-171 CMMC Preparation CYBERSECURITY

• Cover