Skip to main content

Press Releases

Aug 12, 2019

Mercury Systems Excels in Third-Party DFARS/NIST Security Assurance Assessment

ANDOVER, Mass., Aug. 12, 2019 (GLOBE NEWSWIRE) -- Mercury Systems, Inc. (NASDAQ: MRCY, announced that after a comprehensive third-party audit, it has received a letter of assurance confirming it has satisfactory controls in place for 100% of the cybersecurity requirements of the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and the National Institute of Standards and Technology Special Publication (NIST SP) 800-171A.

The five-week assessment, conducted by Cytellix Corporation, the cybersecurity division of Information Management Resources, Inc., established that Mercury Systems implemented satisfactory controls and complied with all 110 information protection requirements. Ensuring these regulations flow through the entire supply chain is critical to the success of the DFARS/NIST cybersecurity initiative, which is quickly becoming a mandatory requirement for winning new defense contracts. Mercury Systems is one of a small percentage of companies that have received objective verification of having a “complete” cybersecurity controls program in place, demonstrating its commitment to helping its customers meet their trusted supply chain requirements.

“Mercury has always been committed to safeguarding protected information and made compliance with the latest DFARS and NIST standards a top priority,” said Jeff Eason, Mercury Systems’ Chief Information Officer. “We have invested significantly in building out best-in-class cybersecurity capabilities in parallel with our ongoing participation in defense security initiatives such as the National Industrial Security Program (NISPOM). Receiving this independent third-party validation of our cybersecurity controls program is a major milestone in our comprehensive defense industrial security plan.”

Cyber and information warfare are the latest battlefields in the race for commercial and military dominance. The Department of Defense (DoD) launched this compliance program in an effort to broaden and deepen the security practices of companies supplying mission-critical products and services to the U.S. government and provide further protection against cyber threats. DFARS 252.204-712, “Safeguarding Covered Defense Information and Cyber Incident Reporting”, published October 2016, was specifically designed to ensure the protection of Controlled Unclassified Information (CUI) by non-federal agencies, or “Contractors”. It covers information technology (IT) cybersecurity from printers to servers to cloud computing, and it mandates compliance with NIST 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”. NIST 800-171 contains 110 requirements across 14 families of information control, all of which contractors must be compliant with to ensure sufficient safeguards are in place to protect CUI against cyberattacks.

Recent studies have shown that most contractors fully comply with less than 60% of the requirements contained in NIST 800-171. According to Brian Berger, President of Cytellix Corporation, “Cytellix has been specializing in cybersecurity for over a decade as a trusted partner to the US Government, as well as a multitude of small, medium and large businesses, providing turnkey capabilities to the defense and commercial markets. Our team conducted a comprehensive and detailed review of Mercury Systems’ information controls program which has satisfactorily met the objectives of the NIST 800-171 based on a sampling of the requirements as well as the related cybersecurity requirements as outlined in the DFARS 252.204-7012 clause.”

For more information on Mercury Systems, visit or contact Mercury at (866) 627-6951 or

Mercury Systems – Innovation That Matters®
Mercury Systems is a leading commercial provider of secure sensor and safety-critical processing subsystems. Optimized for customer and mission success, Mercury's solutions power a wide variety of critical defense and intelligence programs. Headquartered in Andover, Mass., Mercury is pioneering a next-generation defense electronics business model specifically designed to meet the industry's current and emerging technology needs. To learn more, visit and follow us on Twitter.

Forward-Looking Safe Harbor Statement

This press release contains certain forward-looking statements, as that term is defined in the Private Securities Litigation Reform Act of 1995, including those relating to the products and services described herein and to fiscal 2019 business performance and beyond and the Company’s plans for growth and improvement in profitability and cash flow. You can identify these statements by the use of the words “may,” “will,” “could,” “should,” “would,” “plans,” “expects,” “anticipates,” “continue,” “estimate,” “project,” “intend,” “likely,” “forecast,” “probable,” “potential,” and similar expressions. These forward-looking statements involve risks and uncertainties that could cause actual results to differ materially from those projected or anticipated. Such risks and uncertainties include, but are not limited to, continued funding of defense programs, the timing and amounts of such funding, general economic and business conditions, including unforeseen weakness in the Company’s markets, effects of any U.S. Federal government shutdown or extended continuing resolution, effects of continued geopolitical unrest and regional conflicts, competition, changes in technology and methods of marketing, delays in completing engineering and manufacturing programs, changes in customer order patterns, changes in product mix, continued success in technological advances and delivering technological innovations, changes in, or in the U.S. Government’s interpretation of, federal export control or procurement rules and regulations, market acceptance of the Company's products, shortages in components, production delays or unanticipated expenses due to performance quality issues with outsourced components, inability to fully realize the expected benefits from acquisitions and restructurings, or delays in realizing such benefits, challenges in integrating acquired businesses and achieving anticipated synergies, increases in interest rates, changes to cybersecurity regulations and requirements, changes in tax rates or tax regulations, changes to interest rate swaps or other cash flow hedging arrangements, changes to generally accepted accounting principles, difficulties in retaining key employees and customers, unanticipated costs under fixed-price service and system integration engagements, and various other factors beyond our control. These risks and uncertainties also include such additional risk factors as are discussed in the Company's filings with the U.S. Securities and Exchange Commission, including its Annual Report on Form 10-K for the fiscal year ended June 30, 2018. The Company cautions readers not to place undue reliance upon any such forward-looking statements, which speak only as of the date made. The Company undertakes no obligation to update any forward-looking statement to reflect events or circumstances after the date on which such statement is made.

Robert McGrail, Director of Corporate and Investor Communications
Mercury Systems, Inc.
+1 978-967-1366 /

Mercury Systems and Innovation That Matters are registered trademarks of Mercury Systems, Inc. Other product and company names mentioned may be trademarks and/or registered trademarks of their respective holders.