The Defence Cyber Protection Partnership (DCPP), which comprises MOD representatives, 13 prime suppliers and defence industry trade bodies, was established in 2012 with the aim of improving cyber security maturity for the community.
The DCPP felt that the CE scheme did not represent a broad enough degree of security because, at the time, it only covered five major technical security controls and did not include wider aspects such as governance and risk management. It, therefore, developed the CSM as its own standard for supplier cyber security, based upon the CE scheme, but with some additional control requirements.
The CSM will enable government procurers to mandate proportionate cyber security standards from suppliers appropriate to the level required for a particular contract.
If you are looking at the Cyber Security Model (CSM) to do business with MOD, you may also require FSC and IPSA compliance, if you need to hold classified materiel (at SECRET or above) and if you need to manage your own security clearances.
Since April 2017, the Cyber Security Model (CSM) has been a pre-requisite for all suppliers doing business with the MOD who hold MOD identifiable information. It’s a must for any supplier wanting to work in the MOD – and it applies to prime contractors as well as the supply chain.
The level of CSM compliance will be decided by the MOD buyers who will set it for each contract based on proportionate cyber security standards. The levels are covered in more depth in our blog article ‘An update to the MOD’s Cyber Security Model (CSM)’.
By complying with the CSM, you not only qualify to deliver your MOD contract, but you also increase the protection to your business as you will reduce the risk from the ever-increasing threat of harmful cyberattack. And, at Ascentor, we always seek to identify the business benefits of complying with standards and schemes, so your CSM compliance may set you apart in more ways than one.
Ascentor can steer you through what is needed to become CSM compliant. We start with our tried and tested Gap Analysis, a four-step process that will arm you with the knowledge to make business decisions regarding improvements and related resources.
On completion of an Ascentor Gap Analysis, you will understand where you are today, what needs to be done and an outline plan of how to achieve it. We can then support identified remediation activities and provide ongoing support to maintain your status and continually improve your cyber security posture in accordance with your business objectives.
We leverage years of experience in cyber security to deliver comprehensive solutions tailored to your needs.
We're accredited in ISO 9001:2015, Cyber Essentials Plus, IASME Gold and are a Crown Commercial Service Supplier.
NCSC (CESG) Certified Professionals CCP and Certified Information System Security Professional CISSP certified.
We're Certified Information Security Managers (CISM).
We're members of the Chartered Institute of Information Security (CIISec). CREST and Cyber Scheme Registered Pentesters.
We stay ahead of the curve, consistently updating our services to handle the rapidly evolving landscape of cyber threats.
We work closely with clients, fostering partnerships to better understand and address your cyber security needs.
We offer pragmatic, accessible solutions that balance security needs with the realities of your operational requirements.