Updated 6 January: guidance for customers and suppliers
Published 12 December 2021
Last updated 12 December 2021
On Friday 10 December 2021, a worldwide IT vulnerability was discovered in the logging function of an Apache product which the internet and internet-based services use widely.
The government is treating this issue with the utmost seriousness and continues to work to protect the services it relies on.
What CCS is doing
We continue to evaluate all our digital products and services, taking action to mitigate or remediate as necessary:
- following the implementation of security measures, access to the DigiTS travel and accommodation booking service has now been restored
- the digital supplier filtering tools for supply teachers, management consultancy, legal services and facilities management were restored on Friday 17 December
Guidance for customers
All our procurement systems are now fully available. If you experience problems accessing any of our systems, please call us on 0345 410 2222 or email info@crowncommercial.gov.uk.
We continue to monitor responses from framework suppliers to ensure they are following National Cyber Security Centre (NCSC) guidance. We advise you to make sure that your own organisation, and any suppliers who provide digital services for you, are also following NCSC guidance.
Guidance for suppliers
All suppliers to government should be following NCSC guidance and ensuring products and services are evaluated and remediated as necessary.
Please contact NCSC and gsgcyber@cabinetoffice.gov.uk with details of any affected service, an outline of the issue and the organisation/department(s) that you believe to be affected.