Guidance

Defence Cyber Protection Partnership

Defence Cyber Protection Partnership (DCPP) is a joint Ministry of Defence (MOD) and industry initiative to improve the protection of the defence supply chain from the cyber threat.

Latest

What is the DCPP?

A collaboration between the MOD and its key suppliers to ensure the defence supply chain understands the cyber threat and is appropriately protected against attack.

Our principles

  • understand the risk
  • proportionate protection
  • suppliers to defence meet the standards.

Supplier Cyber Protection online

This is the tool used to carry out the Cyber Security Model. It is free to use and allows someone to do a trial run of both the Risk Assessment and Supplier Assurance questionnaire.

The Cyber Security Model (defence condition 658)

  • the buyer completes risk assessment, this determines cyber risk profile
  • cyber risk profile security requirements listed in Defence Standard 05-138. This includes cyber essentials for a risk profile of very low. Cyber Essentials Plus, alongside various policy documents required for low
  • supplier completes Supplier Assurance Questionnaire (SAQ) to demonstrate their compliance with the requirements
  • a Cyber Implementation Plan (CIP) will be required to demonstrate an alternative approach to meeting the requirements, if what the supplier has differs from the DEFSTAN.

Flow down

Suppliers complete a risk assessment for any elements they are sub-contracting. Their suppliers will complete SAQs as required.

What is in it for industry:

  • protect reputation
  • protect intellectual property
  • protect pricing information
  • protect customer details
  • protect own supply chain

Hot topic

Now available: a document on adopting other standards by comparing Def Stan 05-138 and NIST 800-171. This will be expanded to include other standards over time. Guidance for adopting other standards to meet requirements of Defence Standard 05-138 (PDF, 231KB, 8 pages) .

This unclassified presentation was recorded for internal MOD audiences to raise their awareness of the Cyber Security Model although most of it still applies to industry.

DCPP internal presentation

Other media sources

Published 12 September 2019