Skip to main content

MOD CSMv4 Maturity Assessment

Stay mission-ready with CND’s tailored Cyber Risk Assessment, an interactive workshop lead by CND GRC Experts, designed to align your organisation with the MOD’s Cyber Security Model v4 (CSMv4).

Man jumping from cliff edge to another

CSMv4 Gap Analysis & Compliance Assessment
We benchmark your current security posture against the controls required for your assigned Cyber Risk Level (0–3), delivering a clear gap analysis and a remediation roadmap to support SAQ readiness and reduce contractual risk.

We validate your technical and procedural controls, covering patching, EDR, access control, and incident response, and prepare audit-ready evidence packs. Policy statements alone won’t cut it; we help you prove it.

CSMv4 Implementation Support
Whilst we provide a detailed report of recommendations, we can also provide support with the delivery of many of the requirements. Including:

  • Cyber Essentials L0 - L3
  • Cyber Essentials PLUS L2 & L3
  • Risk Management L1-L3
  • Threat Intelligence L3
  • Automated Asset Management L2 & L3
  • Supply Chain L1-L3
  • Identity and Access Control L1-L3
  • Multi Factor Authentication L2 & L3
  • Automated Password Management L2 & L3
  • Removable Media L1-L3
  • Data Loss Prevention L2 & L3
  • Vulnerability Management L1-L3
  • Penetration Testing L1-L3
  • Security Monitoring L1-L3
  • Staff Awareness & Training L1-L3

From 3 November 2025, CSMv4 becomes the mandatory cyber assurance framework for all MOD suppliers. Backed by Defence Standard 05-138 Issue 4 and enforced via DEFCON 658, suppliers must now demonstrate proportionate cyber controls and submit evidence through the SCPS platform.