Cyber Essentials and working with the MOD

Our team is often asked if suppliers require Cyber Essentials certification when working with the MOD.

The fact is, the UK Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme – which of course includes MOD procurement.

When bidding for work with the MOD, we advise that you check if Cyber Essentials is a requirement before submitting, as the certification process can take time.

What is Cyber Essentials?

Cyber Essentials is a Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber attacks. It provides a clear statement of the basic controls organisations should have in place to protect themselves.

Gaining Cyber Essentials certification enables organisations to showcase their credentials as trustworthy and secure when it comes to cyber security.

The certification defines a focused set of controls which provide clear guidance on basic cyber security for organisations of all sizes, and offers a sound foundation of cyber security measures that all types of organisations can implement at a low cost.

What is The Cyber Security Model?

The defence sector is proactively supporting the National Cyber Security Strategy.

If you are bidding for MOD contracts, you should know that Cyber Essentials forms part of the overall Cyber Security Model.

This is the tool used to carry out the Cyber Security Model. It is free to use and allows someone to do a trial run of both the Risk Assessment and Supplier Assurance questionnaire.

The Cyber Security Model (defence condition 658)

  • the buyer completes a risk assessment, which determines the cyber risk profile
  • the security requirements for each cyber risk profile are listed in Defence Standard 05-138. These include Cyber Essentials for a risk profile of very low, and Cyber Essentials Plus, alongside various policy documents, for a risk profile of low
  • the supplier completes the Supplier Assurance Questionnaire (SAQ) to demonstrate their compliance with the requirements
  • if what the supplier has in place differs from the DEFSTAN, a Cyber Implementation Plan (CIP) will be required to demonstrate an alternative approach to meeting the requirements.


The Defence Cyber Protection Partnership (DCPP)

The Defence Cyber Protection Partnership (DCPP) is a joint Ministry of Defence (MOD) and industry initiative to improve the protection of the defence supply chain from the cyber threat.

The DCPP is responsible for protecting the defence supply chain from cyber threats and also created the Cyber Security Model in partnership with industry.


How to get Cyber Essentials?

By implementing five simple key controls, you can protect your business from up to 80% of common cyber security threats.

Find out more about our packages and get started with your Cyber Essentials certification.

“I’m already Cyber Essentials certified”

If you would like to retain your Cyber Essentials certification, then you must recertify annually. When your certification is coming to an end, Cyber Essentials Online will inform you by email around 30 days before you are expected to recertify.

Due to the popularity of the Cyber Essentials certification, we recommend that when you receive this email you begin preparation, as this will ensure that your application goes through before your current certification expires.

Remember, if your business has experienced changes to its security infrastructure, your answers should reflect this. If not, keep in mind that your answers should be like those on your previous Cyber Essentials questionnaires.