As GE continues to mitigate the risks posed to the government, contractors, and suppliers through cyber-attacks from adversaries with malicious intent, the Defense Industrial Base and their suppliers must work together to protect sensitive information and intellectual property. Awareness of cyber risks and implementation of effective cybersecurity controls and defenses is vital.

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense (DoD) to enhance the cybersecurity posture of companies within the Defense Industrial Base (DIB). The primary goal of CMMC is to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) from cyber threats and ensure that defense contractors and their supply chains have robust cybersecurity practices in place.

CMMC is important because it standardizes cybersecurity requirements across the defense supply chain, ensuring that all contractors and subcontractors meet the necessary security standards to protect sensitive information. Achieving CMMC certification is mandatory for organizations seeking to do business with the DoD, and it helps to safeguard national security by reducing the risk of cyber incidents and data breaches.

The CMMC is crucial for GE suppliers because it ensures the protection of sensitive information within the defense industrial base (DIB). The Department of Defense (DoD) developed CMMC to enhance the cybersecurity posture of companies in the supply chain, particularly those handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

CMMC is important to GE and to its suppliers because of the following:

1. National Security: GE Aerospace, as a major defense contractor, deals with sensitive and classified information. Ensuring that all suppliers meet stringent cybersecurity standards helps protect this information from cyber threats and potential breaches, which could have severe implications for national security.

2. Compliance: CMMC is a mandatory requirement for all DoD contractors and subcontractors. Suppliers must achieve the necessary CMMC level to be eligible for DoD contracts. Non-compliance could result in the loss of existing contracts and the inability to bid on future opportunities.

3. Risk Management: Implementing CMMC practices helps suppliers identify and mitigate cybersecurity risks. This proactive approach reduces the likelihood of cyber incidents that could disrupt operations, lead to financial losses, or damage reputations.

4. Trust and Reliability: By adhering to CMMC standards, suppliers demonstrate their commitment to cybersecurity, building trust with GE Aerospace and other partners. This reliability is essential for maintaining long-term business relationships and ensuring the smooth execution of projects.

5. Competitive Advantage: Suppliers who achieve CMMC certification may gain a competitive edge over those who do not. It signals to potential customers and partners that the supplier is capable of safeguarding sensitive information, which can be a deciding factor in contract awards.

In summary, CMMC is vital for GE suppliers to ensure the security of sensitive information, comply with DoD requirements, manage risks effectively, build trust, and maintain a competitive advantage in the defense industry

Artificial Intelligence

GE Aerospace deploys use of artificial intelligence consistent with and compliant to regulatory and contractual requirements.

Artificial Intelligence (AI) refers to the capability of a digital computer or computer-controlled robot to perform tasks commonly associated with intelligent beings. These tasks include reasoning, learning, problem-solving, perception, and language understanding.

AI is used in various fields, including:

• Finance: AI helps in generation of financial reports, financial modeling, and risk management.
• Customer Service: AI chatbots provide real-time customer support and enhance user experience.
• Engine Diagnostics: AI can be used to analyze various technical components of engines and parts to analyze performance and efficiency.
  
  
  

GE suppliers who desire to use AI will need to assess and determine that any proposed use of AI tools is compliant with regulatory and contract requirements.

Unique Contract Requirements:

Beyond regulatory requirements, there maybe instances where a supplier may be engaged to support a program that has unique requirements such as US citizenship access only. In order to do business with GE where contract requirement in addition to regulatory requirements exists, the supplier must demonstrate it can meet those unique contract requirements.

Additional Global Regulatory Requirements

In addition, the regulatory requirements enumerated in the US and UK, suppliers should be aware that GE must comply with global sovereignty laws and regulatory requirements of all Countries it conducts business. Any GE supplier doing business in any jurisdiction will be required to comply with requirements pertaining to a specific nation.