MOD requires Cyber Essentials for all suppliers bidding on new contracts as of 1st January 2016. The MOD has recommended that suppliers start working towards Cyber Essential Certification now.
The MOD states the following:
“For all new requirements advertised from 1st January 2016 which entail the transfer of MOD identifiable information from customer to supplier or the generation of information by a supplier specifically in support of the MOD contract, MOD will require suppliers to have a Cyber Essentials Certificate by the contract start date at the latest, and for it to be renewed annually. This requirement must be flowed down the supply chain.”
A statement has been circulated by trade associations and member companies of the joint MOD-industry Defence Cyber Protection Partnership (DCPP) to Defence suppliers. It explains the reasons for implementation of the Cyber Essentials Scheme and refers to it as a significant, but welcome, step for the whole Defence supply chain. The Defence Cyber Protection Partnership (DCPP) has now become a key part of the defence sector response.
DCPP is joint government-industry initiative established to improve the level of cyber-security throughout the defence supply chain. CES is a core part of DCPP’s Cyber Security Model which introduces additional controls appropriate for higher risks and will be introduced in Q2 2016.
CES certification will become the baseline requirement for companies in the UK defence supply chain. Suppliers are strongly encouraged to start working towards achieving it.
MOD requires Cyber Essentials as minimum for all defence suppliers
The requirement by the MOD for Cyber Essentials Scheme certification assists the MOD with defining a baseline for their third party assurance. As with all companies, certifying under the Cyber Essentials Scheme is a useful starting point to building resilience against 80% of cyber threats. The DCPP has the following statement in its overview.
“Requirements are progressive as you move up the risk profiles, so the lower levels are the foundation of the higher levels and each level builds on the ones before. The lowest DCPP requirement (‘Very Low’) is Cyber Essentials (Cyber Essentials Plus for those assessed as ‘Low’ or higher) to align with existing HMG policy, so as a minimum it is recommended that all defence suppliers look to achieve compliance with this scheme”.
The message is very clear from the MOD- Cyber Essentials implementation is certainly the first step to comply with the MOD scheme, and companies should start working towards certification now. However all UK businesses who want to take the first steps to cyber security would benefit from Cyber Essentials as a good starting point.
> Start now! Need Cyber Essentials Certification in a hurry?