New Defence Cyber Security Model Announced

MOD publishes the Cyber Security Model Version 4 providing a new set of standards that suppliers must comply with to work with the MOD

The Ministry of Defence (MOD) have announced the Cyber Security Model Version 4 (CSMv4). The CSMv4 provides a new set of cyber security standards that suppliers must comply with to work with the MOD, along with other updates to improve cyber resilience.

Why It Matters

A single weak link can disrupt operations, waste resources, have significant financial implications, and even jeopardise national security. The CSMv4 ensures every supplier meets, or plans to meet, the appropriate cyber security standards, with a risk-based approach that focuses on what matters most. We need all of MOD’s suppliers to work together to strengthen our defences against these threats.

Changes for MOD Suppliers:

The uplifted Cyber Security Model brings:

1. Supplier Cyber Protection Service (SCPS): A new gov.uk service suppliers must use to assess and monitor compliance against MOD cyber security standards.

2. DEFSTAN 05-138 Issue 4: Tailored risk profiles (Levels 0-3) to boost resilience and focus on overall operational resilience.

3. DEFCON 658: This updated DEFCON outlines the contractual obligations of Defence suppliers for CSM compliance. As announced by TechUK in May, the MOD, in partnership with IASME, have announced the Defence Cyber Certification (DCC). Suppliers should expect to see increasing requirement to hold valid DCC certification for the duration of their contract with the MOD.

To find out more about the Cyber Security Model Version 4, visit the link below.