Guidance

Cyber security for defence suppliers (Def Stan 05-138, Issue 4)

This defence standard specifies the cyber controls that defence suppliers are required to achieve at each of the 4 cyber risk profile levels that a contract can be assessed at.

• From: Ministry of Defence
• Published: 23 May 2024
• Last updated: 3 December 2025 — See all updates

Documents

Defence Standard 05-138, Issue 4: cyber security for defence suppliers

PDF, 804 KB, 37 pages

Details

This defence standard (Def Stan 05-138, Issue 4) is applicable to all Ministry of Defence (MOD) procurements, MOD suppliers and their subcontract suppliers, which have a relationship to one or more MOD contracts.

Published 23 May 2024

Last updated 3 December 2025 + show all updates

1. 3 December 2025

   Updated details on Def Stan 05-138, Issue 4.

2. 23 May 2024

   First published.