Please find a list of Exostar’s common terms and their definitions below.
A
| Activation | Process of registering a credential to a specific user account / user ID. |
| Adoption | Process where our partners and other selected large companies can invite their partners to the MAG application. |
| Adoption Administrator | The Adoption Administrator role is only available to Partner companies. Adoption Admins are responsible for inviting suppliers to use MAG and subscribing them to their partner’s applications. |
| Application | Is a web-based solution that a user or administrator can access through Exostar’s Managed Access Gateway or Secure Access Manager, including specific Buyer applications. (Some applications are specific to the Buyer and link to the Buyer’s specific web portal). |
| Application Administrator | App Admins can only manage users and accept terms & conditions for the specific applications they administer. They can only manage requests for applications they are administering, and they are responsible for approving or denying access to that specific application. |
| Assertions | Assertions means self-assertions made by the Supplier User on behalf of their company or entity. |
| Authentication | Process of verifying the identity of a person or device (e.g., entering a password or answering security questions to reset your password). |
| Authorized User | “Authorized User” or “User” means, collectively, employees, agents or representatives of Subscriber, that Subscriber authorizes to use the Exostar Platform or any Service on Subscriber’s behalf, for whom Subscriber has purchased a subscription, or for whom Subscriber has arranged for a subscription to be purchased, and the applicable fees for which subscription have been paid or are to be paid, including an individual employee or agent of Subscriber who has met the standards and is authorized to be issued a Digital Certificate. Any acts or omissions of Authorized Users and/or a User shall be deemed to be those of Subscriber for purposes of this Agreement. |
| Authy™ | The Exostar Mobile ID service sits on top of the Authy™ mobile app. Authy™ uses two-factor authentication, for quick and convenient access. |
B
| B2B Integrations | Is a solution for high volume suppliers where buyers and suppliers can seamlessly exchange information via EDI or other file formats such as XCBL and Flat File. |
| Basic Level of Assurance (BLOA) | BLOA Software/Digital certificate; lower credential strength; does not require in-person proofing and may be stored on the user’s computer. |
| Binding | Process of associating a hardware token with a single Exostar account and User ID. |
| Buyer | Is someone who is a part of a company that is inviting a supplier (a company that provides goods or services) to use an application. A buyer determines the level of two-factor authentication (2FA) that is required for the supplier. |
C
| Certification Assistant | Is a SaaS-based tool used to assist DoD contractors in meeting and managing Cybersecurity Maturity Model Certification (CMMC) requirements. |
| CMMC Ready Suite | CMMC Ready Suite is a bundle of Exostar cloud-based services that enable an organization seeking US DoD (aka DoW) CMMC Level 2 assessment or certification to comply with the NIST Special Publication 800-171 version 2 controls. |
| Credential Strength | Level of security used to verify a user’s identity in combination with a password. Stronger levels include Phone OTP, Digital Certificates or Hardware Tokens, which are harder to compromise. |
| Credentials | Credentials are used (in addition to password protection) to confirm your identity with Exostar. (Examples are: Phone One-Time Password, Hardware OTP, Exostar Mobile ID, and Medium Level of Assurance (MLOA) certificates.) |
| Cybersecurity Compliance Attestation (CCA) | Cybersecurity Compliance Attestation (CCA) is a formal declaration, often via a questionnaire or report, where an organization confirms its adherence to specific U.S. government cybersecurity regulations, particularly for defense contractors, like the DoD’s Cybersecurity Maturity Model Certification (CMMC) and DFARS clauses, proving they have controls in place to protect sensitive information and build trust. It’s a critical tool, especially in supply chains, to verify security posture before handling controlled unclassified information (CUI). |
| Cybersecurity Maturity Model Certification (CMMC) | The Cybersecurity Maturity Model Certification (CMMC) is a new requirement for existing DoD contractors, replacing the self-attestation model and moving to third-party certification. In November 2021, the Department announced “CMMC 2.0,” an updated program structure and requirements designed to achieve the primary goals of the internal review: – Safeguard sensitive information to enable and protect the warfighter – Dynamically enhance DIB cybersecurity to meet evolving threats – Ensure accountability while minimizing barriers to compliance with DoD requirements – Contribute towards instilling a collaborative culture of cybersecurity and cyber resilience – Maintain public trust through high professional and ethical standards |
D
| DoD Common Access Card (CAC) | CAC provides users access to the Boeing Supplier Portal or other applications in Exostar’s Managed Access Gateway (MAG). |
| (Other) DoD System Access | DoD Trading Partners or other individuals who need access to DoD systems can purchase FIS certificates (see below for FIS) through the Exostar Webstore. |
E
| EAG or 3rd Party Credentials | Acceptable 3rd Party Credentials are the NASA PIV card, DoD CAC, and Northrop Grumman OneBadge. EAG credentials are issued by your organization and registered with Exostar. You can associate your company-issued credentials by linking them with your Exostar account for application access. |
| Enterprise Access Gateway (EAG) | EAG is a service that allows users to access Managed Access Gateway (MAG) and any applications and services accessible through the platform, using their company-issued credentials. |
| Exostar Key Management Agent™ (KMA) | KMA™ is a Java-based application developed by Exostar. KMA™ replaces ActiveX as your tool for downloading MLOA digital certificates on your hardware token. |
| Exostar’s Managed Microsoft 365 | Exostar Managed Microsoft 365 service refers to providing the customer with a Microsoft 365 tenant that is integrated with the Exostar Platform, via an Exostar Microsoft application. This service enables its customers to ‘search’ and ‘invite’ Subscribers who are currently members of the Exostar Platform to access the new customer’s Exostar Managed Microsoft 365 tenant setup. In addition, Exostar Managed Access for Microsoft 365 enables compliance with enterprise policies by providing customers with the ability to create ‘Microsoft Teams workspaces’ using the Exostar Microsoft Application. |
| Exostar’s Supplier Portal | Exostar Supplier Portal is a comprehensive solution that supports interactions with all suppliers across a range of processes including planning, logistics, quality management, procure-to-pay, supplier onboarding, supply risk assessment, vendor-managed inventory, sourcing and supplier information management. |
| Experian Proofing | (Available only in U.S.) Experian is a credit bureau proofing process, which requires users to verify their identity by answering credit bureau-based questions. |
F
| Federated Identity Service (FIS) | FIS is a comprehensive PKI solution that enables full lifecycle management of certificates, strong authentication practices and controlled access to applications through Exostar’s MAG platform. |
| FIDO (Fast IDentity Online) | FIDO (Fast IDentity Online) is an open standard for strong authentication that replaces passwords with cryptographic security keys, enabling secure, phishing-resistant login through local user verification methods like biometrics, PINs, or hardware tokens. FIDO authentication is a secure authentication method that uses public key cryptography instead of shared secrets, allowing users to verify their identity through local actions (like biometrics, PINs, or security keys) — supporting both password-less and second-factor login options. |
| First-Time Login (FTL) | FTL refers to a user’s very first login into their new MAG account. |
| FIS Administrator | Only has administrative privileges for the FIS application. The FIS Admin is responsible for approving or denying access for FIS digital certificate requests. When users request FIS certificates, the request routes to the FIS Administrator for approval. |
| ForumPass | *RETIRING JUNE 2026* Is a solution based on Microsoft SharePoint 2016, which provides organizations with a secure environment for shared projects and documents collaboration. |
I
| Identity and Access Management (IAM) | Process used by companies to ensure that only authorized individuals access their secure systems. Exostar specializes in offering IAM products and tools (MAG, SAM). |
| Identity Proofing | Identity Proofing is a process used to verify a user’s identity before issuing secure access to the Exostar platform and the applications it contains. (Two types: Video and Experian). |
| Information Manager | Is a secure supplier information portal that enables targeted collaborative information sharing between buyers and their suppliers. |
L
| Level of Assurance | Level of Assurance information is based on the NIST Special Publication 800-63 and provided as a reference only. Unless otherwise noted, the provided equivalence does not necessarily constitute adherence to an industry certification nor acceptance by a specific Exostar connected application. |
| License Key | A license key is a unique code or token that allows the user to identify themselves as a paying customer. Some Exostar credentials require a license key in order to activate and this license key is provided upon full payment. |
| Link Accounts | Linking or Connecting Accounts is a process of connecting multiple Exostar user IDs to one user and/or associating an enterprise user with an Exostar account and user ID. |
| Live Video Proofing | Process done via a Microsoft Teams interview where a user shows a valid government-issued photo identification to prove their identity to Exostar’s proofing agent. (This is done for International Users who need a Proofing Credential or US-based Users who have elected to not do the Experian proofing). |
M
| Managed Access Gateway (MAG) | MAG is a secure identity & access management cloud service which provides web-based single sign-on user access, and a single place to connect to partner applications for the Aerospace & Defense industries. |
| Exostar’s Managed Secure Desktop | Exostar’s Managed Secure Desktop allows customers to access a certified desktop that allows access to CUI with multiple suppliers in a consistent manner and to keep track of all documentation between them, while remaining compliant with CMMC 2.0 level 2 / NIST SP 800-171 and US Export Control (ITAR, EAR etc.). |
| Medium Level of Assurance (MLOA) | MLOA Software certificate/Hardware token; medium to high credential strength; requires in-person proofing and is stored on a user’s hard drive or USB security hardware token. |
| Mobile ID | Mobile ID service allows users to utilize a smartphone app for generating One Time Passwords. |
O
| Onboarding | Process of getting users and organizations up and running on the Exostar platform. |
| One-Time Password (OTP) | OTP ensures that only authorized users have access to Exostar’s applications. 3 Types: Phone OTP, Mobile ID and Hardware Token (see additional terms below to learn more). |
| Organization | Any entity within the Exostar platform that can collaborate with other organizations. |
| Organization Administrator | Is responsible for performing activities on behalf of their organization. An organization can have a single or multiple Organization Administrators. The Org Admin is responsible for creating and managing users in your organization, approving requests, accepting terms & conditions for all applications as well as performing additional tasks. |
| Organization ID | Organizations registered with Exostar will have a unique Organization ID (Org ID). |
| Organization Steward | Organization Steward role allows a single user to exercise administrative control over groups of designated organizations. Org Stewards have the same privileges and responsibilities as Organization and Application Administrators for all applications the organizations are subscribed to. |
| OTP Hardware Token | OTP Hardware Token generates a random single-use password for each logon. Used in combination with other Exostar credentials, such as user ID and password, the token reduces the risk of unauthorized access to systems and information. |
P
| Password | Is a string of characters used to verify the identity of a user during the authentication process. Passwords can vary in length and can contain letters, numbers and special characters. Passwords are used in combination with usernames/User IDs and allow a user to gain access to an application. |
| Phone OTP | Phone OTP allows you to register your mobile phone or landline phone to receive one-time passwords via text or voice. Each time you log into the Exostar platform, you will be required to enter your user ID, password, and Phone OTP code to access an application that requires the credential. Phone OTP is used in combination with your MAG user ID and password. Using this two-factor authentication (Phone OTP + username and password) reduces the risk of unauthorized access to your account and provides added security. |
| PolicyPro | PolicyPro runs on ISMS Applications’ cloud platform. PolicyPro is your one-stop-shop to evaluate, create, enforce, document and manage your security policies to ensure you meet all NIST 800-171 and CMMC directives. |
| ProviderPass | ProviderPass is a solution that enables Electronic Health Record (EHR) vendors to support Electronic Prescribing Controlled Substances (EPCS) within their e-Prescribing platform. |
R
| Risk Management | Is the vertical of Exostar products, designed to mitigate cyber-risks to supply chains of companies within Aerospace & Defense. |
S
| Secure Access Manager (SAM) | SAM is a portal that provides single sign-on service with secure registration, authentication, and account management for Lifesciences & Healthcare applications. |
| Secure Applications | Any application that is accessible inside the Exostar platform is considered a secure application. Based on the requirements of the application provider, a higher level of authentication may be necessary to access the application. |
| Secure Collaboration | Is a vertical for Exostar’s applications that securely and compliantly share business sensitive information internally and externally. |
| Secure Source-to-Pay | Is a hosted, Software-as-a-Service (SaaS) offering that spans across the purchase lifecycle including sourcing, contract management, supplier relationship management, procurement, payments and invoicing. |
| Service Provider Administrator | The SP Admin role is only available to partner companies. There are two types of SP Administrator roles: administrative and view only. The SP Administrator role with administrative permissions allows users to approve or deny access for specified partner applications, as well as to resend provisioning records. The SP Administrator role has view only permissions. Additionally, SP Administrators can run reports. |
| Sponsor | Sponsor means a company or entity outside of Subscriber’s organization also subscribing to the Service. “Sponsor” may also mean, depending on the context, an organization that supports the connection of a Relying Party or Remote Identity Provider to Exostar system. |
| Sponsor Codes | A Sponsor code is a short identifier used to show who is responsible for and/or paying for a user’s access to an application or service. At its core, a sponsor code answers one question: “Which Organization is sponsoring this user’s access?” – Buyer-funded sponsor codes indicate that access is paid for by a larger customer (for example, a prime or enterprise customer sponsoring suppliers under a group contract). – Self-funded sponsor codes indicate that the supplier or user’s organization is paying for its own licenses, typically tied to a recorded sales or renewal opportunity. Sponsor codes are used by: – Application owners, onboarding, and customer success teams to determine responsibility and entitlement – Administrators to approve or deny access correctly – Finance and reporting teams to ensure accurate billing, renewals, and cost attribution. |
| Sponsor Managed Organization (SMO) | Sponsor Managed Organization (SMO) or “Sponsored Organization” means an organization that is managed by a Sponsor for the purposes of accessing Sponsored Applications via the Exostar Platform. The Sponsor is responsible for onboarding, credentialing, and maintaining the SMO’s access and compliance with applicable security requirements. |
| Sponsored User | Sponsored User means (1) a company or entity invited by a Sponsor to participate in one or more sessions with the Sponsor, and (2) which company’s, or entity’s, sole use of the Service is to participate in such sessions. |
| Supplier | Supplier is a company that provides goods or services to a Buyer. Suppliers must first be invited by the Buyer to access the application. Once access is approved, the Supplier can access the application with the level of two-factor authentication (2FA) required by the Buyer. |
| Supplier Management | Supplier Management Module, or “Supplier Management Module Service”, means the service offered by Exostar allowing Subscriber to collect certain self-assertions from their suppliers on the Exostar Platform. The Managed Access Gateway Service will be the access point to this service for Subscriber and the way Subscriber will interact with other subscribers to accept their Assertions. |
| Supply Chain Management | Supply Chain Management is a vertical for Exostar’s applications that maximize visibility and redeploy resources to critical tasks while improving your order response and fulfillment cycle times. |
| Supply Chain Platform | SCP enables visibility and control of supply chain operations and performance. The solution provides a real-time, end-to-end picture of demand planning and order management. |
T
| Trading Partner Manager (TPM) | TPM is a solution that provides complete registration life-cycle for supplier invitation and registration. Lockheed Martin uses TPM to invite new or existing Exostar Managed Access Gateway (MAG) customer partners (suppliers) to access the Lockheed Martin Procure-to-Pay (LMP2P) portal. |
| Two-Factor Authentication (2FA) | 2FA is an extra layer of security, also known as multi-factor authentication. Types of 2FA, such as One-Time Passwords sent to users’ phones, tokens, or the Mobile ID app, ensure that only authorized users can log in. |
U
| User | Is a basic role that has access to application(s) and does not have any administrative privileges for their organization’s account. |
| User ID | Is a unique alpha-numeric name assigned to a user who is registered with the Exostar platform. It is required in conjunction with a user password in order to access the platform. |