Detailed guide: Defence Cyber Protection Partnership

Ministry Of Defence

March 30
16:06 2021

Defence Cyber Protection Partnership (DCPP)

The Defence Cyber Protection Partnership is a collaboration between Ministry of Defence (MOD), Industry, and other Government departments. Its aim is to build cyber security into the Defence Supply Chain, which is achieved through the Cyber Security Model (CSM). The Executive Group, which gives strategic direction, is currently chaired by a large defence industry supplier.

The Cyber Security Model (CSM) is a risk-based proportionate approach to protecting MOD data in the supply chain. It will also help to protect companies against data theft and ransomware. Since 2017, It has been mandated across all MOD contracts.

I need to complete / know of the DCPP Cyber Security Model

I want to understand more about the Cyber Security Model

I want to know what is new

Contact Us

DCPP Cyber Security Model (CSM)

To use our online tool you can go onto Supplier Cyber Protection page on GOV.UK.

This allows completion of the Risk Assessment (RA) and Supplier Assurance Questionnaire (SAQ). You will need to register and log in using multi-factor authentication (help desk can provide additional support).

MOD users will need to use their work email address and a specific MOD DUNs number.

Additional information

Def Stan 05-138

This is the Defence Standard defining the controls required for each Cyber Risk Profile (level).

Note: This Def Stan is being revised and therefore not in step with the online SAQ. Updated requirements can be viewed at the Cyber Security Model: cyber risk profiles requirements page on GOV.UK.


This is the contractual Defence Condition that references supply chain cyber security.

Defence Industry Warning, Advice and Reporting Point (WARP)

There is a requirement to report security incidents where MOD data might be involved

Understanding more about the Cyber Security Model

Watch a video explaining the Cyber Security Model

The Cyber Risk Profile is assessed on six questions relating to:

Electronic exchange or creation of MOD Identifiable Information


Personal data

Connectivity to MOD networks

Cyber Essentials underpins the MOD Cyber Risk Profiles. Cyber Essentials is a certification scheme identifying the minimum steps an organisation should take to protect themselves against cyber risk.

The Supplier Assurance Questionnaire is a self-assessment for organisations to demonstrate how they meet our requirements. The online tool allows sample questionnaires to be completed to identify gaps. Where there are differences a Cyber Implementation Plan (CIP) should be completed, particularly if an alternative cyber security standard is used.

Further information on CIPs can be found in:


Def Stan 05-138 issue 3 will open to review on 25th March 2021 at the Defence Standarization website

Cyber Breaches Survey 2021

Cyber Essentials: Requirements for IT Infrastructure

Contact Us

The DCPP Team can be contacted by email on: or LinkedIn Group.

DCPP group on the NCSCs Cyber Information Sharing Partnership (CISP), register at NCSCs Cyber Information Sharing Partnership (requires sponsorship).

Related Articles


  1. We don't have any comments for this article yet. Why not join in and start a discussion.

Write a Comment

Your name:
Your email:

Post my comment

Recent Comments

Follow Us on Twitter

Share This

Enjoyed this? Why not share it with others if you've found it useful by using one of the tools below: