The Defence Cyber Protection Partnership (DCPP), comprising UK Ministry of Defence (MOD) representatives, 13 prime suppliers and defence industry trade bodies, was established in 2012 to improve cyber security maturity in the defence community.
The DCPP felt that the Cyber Essentials (CE) Scheme did not represent a broad enough degree of security; it only covered five major technical security controls and did not include wider aspects such as governance and risk management. Their work resulted in the Cyber Security Model (CSM), which builds on CE with some additional control requirements.
If you are looking at the Cyber Security Model (CSM) to do business with the MOD, you may also need List X compliance if your contract requires you to hold classified material (at SECRET or above) on your premises.
Since April 2017, the CSM has been a pre-requisite for all suppliers doing business with the MOD who hold MOD identifiable information. It’s a must for any supplier wanting to work in the MOD – and it applies to prime contractors as well as the supply chain.
The level of CSM compliance will be decided by the MOD buyers who will set it for each contract based on proportionate cyber security standards. The levels are covered in more depth in our blog article ‘An update to the MOD’s Cyber Security Model (CSM)’.
By complying with the CSM, you not only qualify to deliver your MOD contract, but you also increase the protection of your business by reducing the risk from the ever-increasing threat of harmful cyberattacks. And, at Ascentor, we always seek to identify the business benefits of complying with standards and schemes, so your CSM compliance may set you apart in more ways than one.
Ascentor can steer you through what is needed to become CSM compliant. We start with our tried and tested Gap Analysis, a four-step process that will arm you with the knowledge to make business decisions regarding improvements and related resources.
On completion of an Ascentor Gap Analysis, you will understand where you are today, what needs to be done and an outline plan of how to achieve it. We can then support identified remediation activities and provide ongoing support to maintain your status and continually improve your cyber security posture in accordance with your business objectives.