Defense capabilities are supported by complex supply chains. This is true for weapons systems and large “systems of systems” that enable force projection — for example, a weapons system like the F-35 Fighter. It is also true for service supply chains — for example, the array of private logistics firms that the Department of Defense (DoD) relies upon to transport personnel and equipment around the world. Important requirements for both capabilities (force projection and transportation) now depend on the cybersecurity and related assurance level of third parties. While supplier, vendor, and contracts relationships provide cost savings and flexibility to the DoD, they also come with risks.