Updated 6 January: guidance for customers and suppliers

Published 12 December 2021

Last updated 12 December 2021

On Friday 10 December 2021, a worldwide IT vulnerability was discovered in the logging function of an Apache product which the internet and internet-based services use widely.

The government is treating this issue with the utmost seriousness and continues to work to protect the services it relies on.

What CCS is doing

We continue to evaluate all our digital products and services, taking action to mitigate or remediate as necessary: 

  • following the implementation of security measures, access to the DigiTS travel and accommodation booking service has now been restored
  • the digital supplier filtering tools for supply teachers, management consultancy, legal services and facilities management were restored on Friday 17 December

Guidance for customers

All our procurement systems are now fully available. If you experience problems accessing any of our systems, please call us on 0345 410 2222 or email info@crowncommercial.gov.uk.

We continue to monitor responses from framework suppliers to ensure they are following National Cyber Security Centre (NCSC) guidance. We advise you to make sure that your own organisation, and any suppliers who provide digital services for you, are also following NCSC guidance.

Guidance for suppliers

All suppliers to government should be following NCSC guidance and ensuring  products and services are evaluated and remediated as necessary. 

Please contact NCSC and gsgcyber@cabinetoffice.gov.uk with details of any affected service, an outline of the issue and the organisation/department(s) that you believe to be affected.