Ministry of Defence
Defence Cyber Protection Partnership (DCPP)
The Defence Cyber Protection Partnership is a collaboration between the Ministry of Defence (MOD), industry, and other government departments. Its aim is to build cyber security into the Defence Supply Chain, which is achieved through the Cyber Security Model (CSM). The Executive Group, which gives strategic direction, is currently chaired by a large defence industry supplier.
The Cyber Security Model (CSM) is a risk-based, proportionate approach to protecting MOD data in the supply chain. It will also help to protect companies against data theft and ransomware. Since 2017, it has been mandated across all MOD contracts.
I need to complete / know of the DCPP Cyber Security Model
I want to understand more about the Cyber Security Model
DCPP Cyber Security Model (CSM)
To use our online tool, go to the Supplier Cyber Protection page on GOV.UK.
This allows completion of the Risk Assessment (RA) and Supplier Assurance Questionnaire (SAQ). You will need to register and log in using multi-factor authentication (the help desk can provide additional support).
MOD users will need to use their work email address and a specific MOD DUNS number.
Additional information
- Preview the Risk Assessment
- Preview the Supplier Assurance Questionnaire
- For more information: Contact Us
Def Stan 05-138
This is the Defence Standard defining the controls required for each Cyber Risk Profile (level).
Note: This Def Stan is being revised and is therefore not in step with the online SAQ. Updated requirements can be viewed at the Cyber Security Model: cyber risk profiles requirements page on GOV.UK.
DEFCON 658
This is the contractual Defence Condition that references supply chain cyber security.
Defence Industry Warning, Advice and Reporting Point (WARP)
There is a requirement to report security incidents where MOD data might be involved.
Understanding more about the Cyber Security Model
Watch a video explaining the Cyber Security Model
The Cyber Risk Profile is assessed on six questions relating to:
- Electronic exchange or creation of MOD Identifiable Information
- Classification
- Personal data
- Connectivity to MOD networks
Cyber Essentials underpins the MOD Cyber Risk Profiles. Cyber Essentials is a certification scheme identifying the minimum steps an organisation should take to protect itself against cyber risk.
The Supplier Assurance Questionnaire is a self-assessment for organisations to demonstrate how they meet our requirements. The online tool allows sample questionnaires to be completed to identify gaps. Where there are differences, a Cyber Implementation Plan (CIP) should be completed, particularly if an alternative cyber security standard is used.
Further information on CIPs can be found in:
- Annex D of the Buyer Supplier Guide
News
Def Stan 05-138 issue 3 will open to review on 25th March 2021 at the Defence Standardization website.
Cyber Essentials: Requirements for IT Infrastructure
Contact Us
The DCPP Team can be contacted by email at issdes-dcpp@mod.gov.uk or through the LinkedIn Group.
There is also a DCPP group on the NCSC's Cyber Information Sharing Partnership (CISP); register at the NCSC's Cyber Information Sharing Partnership (requires sponsorship).
Recommended links
- Supplier Cyber Protection: online tool for the Cyber Security Model
- Cyber security for defence suppliers (Def Stan 05-138 v2)
- Defence Condition 658 (DEFCON 658)
- Cyber risk profiles (updated July 2020)
- Supplier Assurance Questionnaire (Dec 2019)