Ministry of Defence lowers supplier infosec standards thanks to COVID-19 outbreak

Ministry of Defence lowers supplier infosec standards thanks to COVID-19 outbreak

Can't get assessors on-site to check SMEs' antivirus updates


Security standards for defence contractors have been lowered thanks to the coronavirus outbreak, the Ministry of Defence has told its suppliers.


In an Industry Security Notice published to an obscure corner of GOV.UK, the ministry said it is suspending the need for its suppliers to have the Cyber Essentials Plus security certification.


"Organisations obtaining or renewing CE+ for a future contract will need to provide a Cyber Implementation Plan. This should inform Defence that the supplier is committed to seeking CE+ but cannot do so due to travel restrictions resulting from COVID-19," said the notice.


It added that it applies across the board to all MoD suppliers "where the Cyber Risk Profile is Low, Moderate or High." ..

Support the originator by clicking the read the rest link below.