Security News > 2020 > April > Ministry of Defence lowers supplier infosec standards thanks to COVID-19 outbreak
Security standards for defence contractors have been lowered thanks to the coronavirus outbreak, Britain's Ministry of Defence has told its suppliers.
In an Industry Security Notice published to an obscure corner of GOV.UK, the ministry said it is suspending the need for its suppliers to have the Cyber Essentials Plus security certification.
"Organisations obtaining or renewing CE+ for a future contract will need to provide a Cyber Implementation Plan. This should inform Defence that the supplier is committed to seeking CE+ but cannot do so due to travel restrictions resulting from COVID-19," said the notice.
Separately, in early April, the NCSC handed an exclusive contract to certification consortium IASME. IASME is now the sole organisation that can award Cyber Essentials certifications to British SMEs, the number of awarding bodies having been slashed from five to just one with the new contract.
"The scheme, which is an important part of the NCSC's portfolio, teaches businesses how to protect themselves from the most common internet based cyber threats and reassure their customers that cyber security is taken seriously," intoned IASME. One expects the highest standards of a body trusted with such a serious duty, right?