New defence Cyber Security Model announced

The Ministry of Defence (MOD) have announced the Cyber Security Model Version 4 (CSMv4). The CSMv4 provides a new set of cyber security standards that suppliers must comply with to work with the MOD, along with other updates to improve cyber resilience.

The Ministry of Defence has launched the enhanced Cyber Security Model to strengthen Defence supply chain resilience. With updated standards and a risk-based approach, it ensures suppliers meet critical requirements to safeguard national security. View the latest guidance and all relevant links here - Cyber Security Model - GOV.UK

A single weak link can disrupt operations, waste resources, have significant financial implications, and even jeopardise national security. We need all of MOD’s suppliers to work together to strengthen our defences against these threats.

Changes for MOD Suppliers

The uplifted Cyber Security Model brings:

• Transition to the new Cyber Security Model: All new or renewing contracts must adhere to the new Cyber Security Model, while longer-term contracts must transition during annual reviews or when updated information is provided by the customer.
• Supplier Cyber Protection Service (SCPS)**\:** Access this new gov.uk service to transition to the new Cyber Security Model.
• DEFSTAN 05-138 Issue 4: Tailored risk profiles (Levels 0-3) to boost resilience and focus on overall operational resilience.
• DEFCON 658: This DEFCON outlines the contractual obligations of Defence suppliers for CSM compliance.

As announced by techUK in May, the MOD, in partnership with IASME, have announced the Defence Cyber Certification (DCC). Suppliers should expect to see increasing requirement to hold valid DCC certification for the duration of their contract with the MOD.

To find out more about the Cyber Security Model, follow the link below.