Guidance
Cyber security for defence suppliers (Def Stan 05-138, Issue 3)
This defence standard specifies the measures that defence suppliers are required to achieve at each of the 5 levels of cyber risk that a contract can be assessed as carrying.
Documents
Details
This defence standard (DEFSTAN 05-138 Issue 3) is applicable to Ministry of Defence (MOD) procurements subject to Cyber Security Model Version 3 only, MOD suppliers and their subcontract suppliers, which have a relationship to one or more MOD contracts.
Updates to this page
Published 17 October 2017
Last updated 3 November 2025
+ show all updates
-
Updated details on DEFSTAN 05-138, Issue 3.
-
Added Issue 3 of DEFSTAN 05-138.
-
First published.