MOD directive mandating minimum cybersecurity standards for defence supply chain organisations.
Defence Condition 658 (DEFCON 658) is the MOD's flow-down clause requiring defence contractors and suppliers to meet minimum cybersecurity standards. DEFCON 658 mandates Cyber Essentials Plus certification as baseline and may require additional controls based on contract sensitivity. It flows down through supply chains—if you supply to a prime contractor on defence work, DEFCON 658 likely applies to you. Compliance is contractual obligation, not optional.
Why It Matters
The DSC Perspective:
DEFCON 658 makes cyber security a defence contract requirement. Without CE Plus and appropriate controls, you can't win or retain defence work. Understand the requirements before bidding on defence contracts.