Defence Cyber Protection Partnership

DCPP is a joint Ministry of Defence (MOD) and industry initiative to improve the protection of the defence supply chain from the cyber threat.

The Defence Cyber Protection Partnership (DCPP), a government industry initiative was formed to create a joint response to the cyber threat.

The DCPP aims to protect our military capability by improving cyber defence through the MOD’s supply chain while preserving existing investment in cyber security measures.

As part of the partnership the Ministry of Defence has created a number of cyber security standards that have to be met to contract with MOD, these are outlined in the Cyber Security Model (CSM).

In order for a supplier to demonstrate their compliance MOD has created Octavian/Supplier Cyber Protection. This free online tool enables you to complete both risk assessments (RA) and supplier assurance questionnaires (SAQ). .

DCPP events

  • 7 November: Defence Industry Security Association (DISA) Central
  • 15 November: DISA Northern
  • 21 November: DISA Eastern
  • 22 November: DISA South

Latest news: Verify

If you are responding to a Moderate or High Cyber Risk Profile, you need to confirm your identity. This is called Enhanced Access. Scheduled for the 7 November, we will integrate GOV.UK’s Verify into Octavian. This means most UK residents can complete this online:

  • Verify is now used by various UK government services, including passport renewals
  • it takes about 10 minutes
  • Verify does not share personal information with DCPP
  • users with existing enhanced access will need to revalidate themselves
  • enhanced access is still available via the traditional method if you are unable to use Verify. Instructions will be provided when using the online tool.

Further Information:

What is the DCPP ?

The DCPP is the partnership between the MOD and industry to decide upon new cyber security standards for industry. These are outlined in our Cyber Security Model which is built upon the Cyber Essentials Scheme.

You can find more information about the DCPP by joining the DCPP groups on CiSP and LinkedIn.

How to comply with the CSM

The Cyber Security Model (CSM) outlines the minimum required cyber security standards depending on the cyber risk level of each contract. The contractual requirement to meet the CSM is outlined in Defence Standard (DEFSTAN) 05-138 and Defence Condition (DEFCON) 658.

The DEFCON is one of a suite of conditions which make up a contract and you can view all MOD contract conditions on the Commercial Toolkit, which can be accessed by registering on the Acquisition System Guidance.

Octavian/Supplier Cyber Protection

Communicate DCPP to others

These links and documents are here to assist you in understanding the requirements of the Cyber Security Model and communicating them to your staff and sub-contractors.

DCPP, Cyber Security Model: podcast. This 30 minute podcast is suitable for suppliers and practitioners of the Cyber Security Model. Please note: this podcast is hosted by a third party and the MOD is not responsible for the content of that site.

DCPP, Supply Chain Cyber Resilience: podcast. This 30 minute podcast is suitable for senior business leaders and CEOs of small and medium sized enterprises. Please note: this podcast is hosted by a third party and the MOD is not responsible for the content of that site.

Published 2 June 2016
Last updated 1 November 2018 + show all updates
  1. Updated events and latest information about Verify.
  2. Updated the DCPP events section for September 2018.
  3. Added the link to the GOV.UK Verify guidance page.
  4. Updated the DCPP Events section of the web page.
  5. Updated the DCPP events section to reflect activity for July.
  6. Updated DCPP events.
  7. Updated the DCPP events section with May 2018 dates.
  8. Updated list of DCPP events for April 2018.
  9. Added new scheduled events and updated links.
  10. Added announcement for 1 March 2018: Defence Supply Chain and Logistics Event, in London.
  11. Added DCPP events.
  12. Added Risk Assessment Workflow, Supplier Assurance Questionnaire Workflow.
  13. Added updated information on Octavian.
  14. Added Cyber security for defence suppliers (Defence Standard 05-138, Issue 2) and DEFCON 658
  15. Added Supplier cyber protection service development updates.
  16. Updated link to Cyber Protection Service.
  17. Added information on the Supplier Cyber Protection Service online tool.
  18. Added links to updated documents related to DCPP.
  19. DCPP: Cyber risk profile control guidance added
  20. Added link to: Defence Cyber Protection Partnership: your questions answered
  21. First published.