Guidance

Cyber security for defence suppliers (Def Stan 05-138, Issue 3)

This defence standard specifies the measures that defence suppliers are required to achieve at each of the 5 levels of cyber risk that a contract can be assessed as carrying.

From:
Ministry of Defence
Published
17 October 2017
Last updated
3 NovemberDecember 2025 — See all updates

Documents

[ARCHIVED] Defence Standard 05-138, Issue 3: cyber security for defence suppliers

Ref: DEFSTAN 05-138, Issue 3

PDF, 205 KB, 21 pages

Details

This defence standard (DEFSTAN 05-138 Issue 3) is applicable to Ministry of Defence (MOD) procurements subject to Cyber Security Model Version 3 only, MOD suppliers and their subcontract suppliers, which have a relationship to one or more MOD contracts. Please see the guidance for the latest defence standard.

Updates to this page

Published 17 October 2017
Last updated 3 NovemberDecember 2025 + show all updates

  1. Updates to highlight that this guidance is now archived and where to find the latest guidance.

  2. Updated details on DEFSTAN 05-138, Issue 3.

  3. Added Issue 3 of DEFSTAN 05-138.

  4. First published.

Sign up for emails or print this page