The Ministry of Defence (MoD) is aiming to upgrade its Defence Cyber Protection (DCPP) tool for its suppliers.
It has launched a procurement for a new version of the tool, which provides risk assessment and a supplier assurance questionnaire, aimed at ensuring the Defence Cyber Protection Partnership (DCPP) model is applied down the supply chain.
The notice says the initial requirement is for a tool to be delivered as a managed service, consisting of a workflow and back database, to replicate the functions of the current tool. It will be hosted on the MoD Cloud.
The ministry intends that new functions will be added to the tool, including ‘secure by design’ in the system design and intelligence, through the invitation to tender process. This could would be managed through a staged approach building on the baseline functions.
The contract for is set to run for three years, with the possibility of two one-year extensions, with a value of up to £5 million. The MoD is aiming to strike a deal by April 2020.
It recently set up a Defence Innovation Cyber Security and Assurance Team to provide advice on support for innovation projects. This came from a recognition that innovation projects tend not to have their own security SMEs in place to support DAIS, and that the body does not have the resources to provide sufficient support to all of the projects.
Image from Harland Quarrington/MOD, OGL v1.0