The Ministry of Defense’s DOT strengthens the cyber defense of the Armed Forces’ support system
The DOT of the Ministry of Defense is strengthening the cyber protection of the support system of the Armed Forces of Ukraine. About this informs press service of the Ministry of Defense.
The procurement agency of the Ministry of Defense “State rear operator” has started the process of certification of the DOT-Chain food supply IT system of the Armed Forces of Ukraine and its modules in accordance with the NIST RMF standard – the American cyber security model created by the US National Institute of Standards and Technology.
This standard is designed to strengthen protection in the public sector, in particular at strategic enterprises and government institutions. Its purpose is not only to counter cyber attacks, but also to ensure adaptation to new cyber threats. According to the requirements of the State Special Forces, the introduction of NIST RMF in Ukraine will become mandatory for state ICS systems. Currently, only two of them have the appropriate certification – the integration platform “Delta” and the system for responding to cyber incidents “CSOC”.
“In modern warfare, the protection of digital infrastructure is no less important than the protection of physical warehouses or supply routes. In 2025, the DOT provides more than 44.8 billion hryvnias for the purchase of food products for the Armed Forces of Ukraine, and the implementation of NIST RMF increases the resistance of this system to interference by the enemy”, – noted the director of the Department of Procurement Policy of the Ministry of Defense of Ukraine Hleb Kanevskyi.
In addition, DOT is introducing new information security requirements for product suppliers that interact with DOT-Chain. This will increase the overall level of data protection in the provisioning process and make supplier companies more resilient to all types of cyber threats, including commercial ones.
The conditions will include the mandatory use of licensed software, a complete ban on software of Russian origin (in particular, 1C), regular updates, the presence of a formalized cyber security policy, a ban on the use of separate messengers to exchange information about supplies, immediate notification of the State Special Communications Service, CERT-UA and DOT in the event of a cyber attack, clear regulation of access, conducting pentests, setting up data backups and mandatory ISO 27001 certification by the end of 2026.
