Defence Cyber Protection Partnership (DCPP) is a joint Ministry
of Defence (MOD) and industry initiative to improve the
protection of the defence supply chain from the cyber threat.
From:
Ministry of Defence
Published
12 September 2019
Last updated
4 June 2021 — See all updates
Contents
-
Interim DCPP Cyber
Security Model process
-
Understanding more about
the Cyber Security Model
-
News
-
Contact Us
-
Recommended links
-
Useful links
-
Other media sources
Interim DCPP Cyber Security
Model process
An interim service is in place while the Supplier Cyber
Protection service is transitioned to a new tool. It is
anticipated that this interim process will last three months.
An Industry Security Notice will be published shortly which will
explain how the process will work in detail. In the meantime, if
you need to complete an RA
or SAQ
please contact the DCPP Team.
We thank you for your patience.
DCPP
Team: ISSDes-DCPP@mod.gov.uk
Additional information
Def Stan
05-138
This is the Defence Standard defining the controls required for
each Cyber Risk Profile (level).
Note: This Def Stan is being revised and therefore not
in step with the online SAQ. Updated requirements can be viewed
at the Cyber Security Model:
cyber risk profiles’ requirements page on GOV.UK.
DEFCON 658
This is the contractual Defence Condition that references supply
chain cyber security.
Defence Industry Warning, Advice and Reporting Point
(WARP)
There is a requirement to
report security incidents where MOD data might be involved
Understanding more about the Cyber Security
Model
The Cyber Risk Profile is assessed on six questions relating to:
• Electronic exchange or creation of MOD Identifiable Information
• Classification
• Personal data
• Connectivity to MOD
networks
Cyber Essentials underpins
the MOD Cyber Risk
Profiles. Cyber Essentials is a certification scheme identifying
the minimum steps an organisation should take to protect
themselves against cyber risk.
The Supplier Assurance Questionnaire is a self-assessment for
organisations to demonstrate how they meet our requirements. The
online tool allows sample questionnaires to be completed to
identify gaps. Where there are differences a Cyber Implementation
Plan (CIP) should
be completed, particularly if an alternative cyber security
standard is used.
Further information on CIPs can be found in:
News
Def Stan 05-138 issue 3 will open to review on 25th March 2021 at
the Defence Standarization
website
Cyber Breaches Survey
2021
Cyber Essentials:
Requirements for IT Infrastructure
Contact Us
The DCPP Team can be
contacted by email on: issdes-dcpp@mod.gov.uk
or LinkedIn Group.
DCPP
group on the NCSC’s Cyber Information Sharing Partnership
(CISP), register at
NCSC’s Cyber Information Sharing
Partnership (requires sponsorship).
Recommended links
Useful links
This unclassified presentation was recorded for internal
MOD audiences to raise
their awareness of the Cyber Security Model although most of it
still applies to industry.
Other media sources
