Ministry Of Defence
Defence Cyber Protection Partnership (DCPP)
The Defence Cyber Protection Partnership is a collaboration between Ministry of Defence (MOD), Industry, and other Government departments. Its aim is to build cyber security into the Defence Supply Chain, which is achieved through the Cyber Security Model (CSM). The Executive Group, which gives strategic direction, is currently chaired by a large defence industry supplier.
The Cyber Security Model (CSM) is a risk-based proportionate approach to protecting MOD data in the supply chain. It will also help to protect companies against data theft and ransomware. Since 2017, It has been mandated across all MOD contracts.
DCPP Cyber Security Model (CSM)
To use our online tool you can go onto Supplier Cyber Protection page on GOV.UK.
This allows completion of the Risk Assessment (RA) and Supplier Assurance Questionnaire (SAQ). You will need to register and log in using multi-factor authentication (help desk can provide additional support).
MOD users will need to use their work email address and a specific MOD DUNs number.
Preview the Risk Assessment
Preview the Supplier Assurance Questionnaire
For more information: Contact Us
This is the Defence Standard defining the controls required for each Cyber Risk Profile (level).
Note: This Def Stan is being revised and therefore not in step with the online SAQ. Updated requirements can be viewed at the Cyber Security Model: cyber risk profiles requirements page on GOV.UK.
This is the contractual Defence Condition that references supply chain cyber security.
Defence Industry Warning, Advice and Reporting Point (WARP)
Understanding more about the Cyber Security Model
Watch a video explaining the Cyber Security Model
The Cyber Risk Profile is assessed on six questions relating to:
Electronic exchange or creation of MOD Identifiable Information
Connectivity to MOD networks
Cyber Essentials underpins the MOD Cyber Risk Profiles. Cyber Essentials is a certification scheme identifying the minimum steps an organisation should take to protect themselves against cyber risk.
The Supplier Assurance Questionnaire is a self-assessment for organisations to demonstrate how they meet our requirements. The online tool allows sample questionnaires to be completed to identify gaps. Where there are differences a Cyber Implementation Plan (CIP) should be completed, particularly if an alternative cyber security standard is used.
Further information on CIPs can be found in:
Annex D of the Buyer Supplier Guide
Def Stan 05-138 issue 3 will open to review on 25th March 2021 at the Defence Standarization website
DCPP group on the NCSCs Cyber Information Sharing Partnership (CISP), register at NCSCs Cyber Information Sharing Partnership (requires sponsorship).
- Supplier Cyber Protection: online tool for cyber security Model
- Cyber security for defence suppliers (Def Stan 05-138 v2)
- Defence Condition 658 (DEFCON 658)
- Cyber risk profiles (updated July 2020)
- Supplier Assurance Questionnaire (Dec 2019)