|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
We face a multitude of cybersecurity threats that range from attacks common to most industries, such as ransomware and denial-of-service, to attacks from more advanced and persistent, highly organized adversaries, including nation state actors, that target the defense industrial base and other critical infrastructure sectors. Our customers, suppliers, subcontractors and joint venture partners face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance and results of operations.
Our Cybersecurity program is built upon the National Institute of Standards and Technology Cybersecurity Maturity Framework (the “NIST CSF Framework”), which includes the standards outlined in both NIST 800-53, Security and Privacy Controls for Information Systems and Organizations, and NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The NIST CSF is issued by the U.S. government as a guideline to manage cybersecurity-related risk. Additionally, we also employ industry best practices and other global and local standards and regulations as we continuously evaluate our risks. We utilize independent third-parties to assess our adherence to these frameworks.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|Our Cybersecurity program is built upon the National Institute of Standards and Technology Cybersecurity Maturity Framework (the “NIST CSF Framework”), which includes the standards outlined in both NIST 800-53, Security and Privacy Controls for Information Systems and Organizations, and NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The NIST CSF is issued by the U.S. government as a guideline to manage cybersecurity-related risk. Additionally, we also employ industry best practices and other global and local standards and regulations as we continuously evaluate our risks. We utilize independent third-parties to assess our adherence to these frameworks.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Cybersecurity program is supervised by a dedicated Chief Information Security Officer (CISO), who has over 16 years experience in cybersecurity and operations and holds the following certifications: Certified Information Systems Security Professional (CISSP) and Certification in Risk and Information Systems Control (CRISC). The CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. A strong partnership exists between our Information Technology, Cybersecurity, Internal Audit, and Legal functions so that identified issues are addressed in a timely manner and incidents are reported to the appropriate regulatory bodies as required. We have established a Governance, Risk, and Compliance (GRC) program to further strengthen our cybersecurity risk management activities across the Company, including the prevention, detection, mitigation and remediation of cybersecurity incidents. The CISO reports information about such risks to the Board of Directors.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Cybersecurity program is supervised by a dedicated Chief Information Security Officer (CISO), who has over 16 years experience in cybersecurity and operations and holds the following certifications: Certified Information Systems Security Professional (CISSP) and Certification in Risk and Information Systems Control (CRISC). The CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. A strong partnership exists between our Information Technology, Cybersecurity, Internal Audit, and Legal functions so that identified issues are addressed in a timely manner and incidents are reported to the appropriate regulatory bodies as required.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our Cybersecurity program is supervised by a dedicated Chief Information Security Officer (CISO), who has over 16 years experience in cybersecurity and operations and holds the following certifications: Certified Information Systems Security Professional (CISSP) and Certification in Risk and Information Systems Control (CRISC). The CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. A strong partnership exists between our Information Technology, Cybersecurity, Internal Audit, and Legal functions so that identified issues are addressed in a timely manner and incidents are reported to the appropriate regulatory bodies as required. We have established a Governance, Risk, and Compliance (GRC) program to further strengthen our cybersecurity risk management activities across the Company, including the prevention, detection, mitigation and remediation of cybersecurity incidents. The CISO reports information about such risks to the Board of Directors.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Cybersecurity program is supervised by a dedicated Chief Information Security Officer (CISO), who has over 16 years experience in cybersecurity and operations and holds the following certifications: Certified Information Systems Security Professional (CISSP) and Certification in Risk and Information Systems Control (CRISC). The CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. A strong partnership exists between our Information Technology, Cybersecurity, Internal Audit, and Legal functions so that identified issues are addressed in a timely manner and incidents are reported to the appropriate regulatory bodies as required. We have established a Governance, Risk, and Compliance (GRC) program to further strengthen our cybersecurity risk management activities across the Company, including the prevention, detection, mitigation and remediation of cybersecurity incidents. The CISO reports information about such risks to the Board of Directors.
Our cybersecurity strategy is built upon the principle that cybersecurity risk is business risk and must be addressed within the context of the overall enterprise risk. Our practices include development, implementation, and improvement of policies, standards, and guidelines, which serve as the foundation of our program. We continuously monitor cybersecurity vulnerabilities and potential attack vectors and evaluate the potential operational impacts of any threat and cybersecurity risk countermeasures made to defend against such threats. We leverage government partnerships, industry and government associations, third-party benchmarking, and threat intelligence to safeguard information and ensure availability of critical data and systems.
We have a robust Incident Response Plan that coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess, escalate, contain, investigate, and remediate the incident, as well as comply with potentially applicable legal obligations and mitigate brand and reputational damage.
Our Cybersecurity Awareness Program engages personnel through training on how to identify potential cybersecurity risks and protect BigBear.ai’s resources and information. This training is mandatory for all employees and is supplemented by enterprise testing initiatives, including periodic phishing tests. We provide specialized security training for certain employees, such as application developers.
We carry cyber liability insurance to provide a level of financial protection should a data breach occur.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Cybersecurity program is supervised by a dedicated Chief Information Security Officer (CISO), who has over 16 years experience in cybersecurity and operations and holds the following certifications: Certified Information Systems Security Professional (CISSP) and Certification in Risk and Information Systems Control (CRISC). The CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. A strong partnership exists between our Information Technology, Cybersecurity, Internal Audit, and Legal functions so that identified issues are addressed in a timely manner and incidents are reported to the appropriate regulatory bodies as required.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our Cybersecurity program is supervised by a dedicated Chief Information Security Officer (CISO), who has over 16 years experience in cybersecurity and operations and holds the following certifications: Certified Information Systems Security Professional (CISSP) and Certification in Risk and Information Systems Control (CRISC).
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|
Our Cybersecurity program is supervised by a dedicated Chief Information Security Officer (CISO), who has over 16 years experience in cybersecurity and operations and holds the following certifications: Certified Information Systems Security Professional (CISSP) and Certification in Risk and Information Systems Control (CRISC). The CISO’s team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. A strong partnership exists between our Information Technology, Cybersecurity, Internal Audit, and Legal functions so that identified issues are addressed in a timely manner and incidents are reported to the appropriate regulatory bodies as required. We have established a Governance, Risk, and Compliance (GRC) program to further strengthen our cybersecurity risk management activities across the Company, including the prevention, detection, mitigation and remediation of cybersecurity incidents. The CISO reports information about such risks to the Board of Directors.
Our cybersecurity strategy is built upon the principle that cybersecurity risk is business risk and must be addressed within the context of the overall enterprise risk. Our practices include development, implementation, and improvement of policies, standards, and guidelines, which serve as the foundation of our program. We continuously monitor cybersecurity vulnerabilities and potential attack vectors and evaluate the potential operational impacts of any threat and cybersecurity risk countermeasures made to defend against such threats. We leverage government partnerships, industry and government associations, third-party benchmarking, and threat intelligence to safeguard information and ensure availability of critical data and systems.
We have a robust Incident Response Plan that coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess, escalate, contain, investigate, and remediate the incident, as well as comply with potentially applicable legal obligations and mitigate brand and reputational damage.
Our Cybersecurity Awareness Program engages personnel through training on how to identify potential cybersecurity risks and protect BigBear.ai’s resources and information. This training is mandatory for all employees and is supplemented by enterprise testing initiatives, including periodic phishing tests. We provide specialized security training for certain employees, such as application developers.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true