Are you a business looking to supply to the Ministry of Defence (MOD)? Have you heard of the Defence Cyber Certification (DCC)?

The DCC is a newly launched cyber security framework, specifically targeted to suppliers wishing to work for the UK’s defence sector. It has been co-developed by the MOD and IASME and is part of a broader initiative to enhance cyber resilience within the defence sector supply chain. The new approach expands on the previous by-contract approach, now concerning the security and resilience of the whole organisation and providing single, organisation-level assurance to present for applicable MOD contract procurements.

What does the DCC involve?

There are four levels available and relevant levels will be assigned based on the perceived risk level of the supplier’s outputs and determined by the MOD contract. If you wish to complete the DCC, but do not plan to apply for MOD contracts soon, then your certification level will be discussed with your advisor and determined based on your goals and organisation.

The four levels include:

Level 0 Certification – 3 Controls:  This level requires supplier organisations to demonstrate basic cyber security practices and is usually assigned for low levels of risk. This can form a foundational level for future assessments at higher levels.

Level 1 Certification – 101 controls: This requires supplier organisations to demonstrate a comprehensive cyber security program with good practices and is normally assigned with low-to-moderate levels of assessed risk.

Level 2 Certification – 139 controls: This requires Supplier organisations to demonstrate advanced cyber security oversight and planning which drives robust organisational and cyber practices. This is normally assigned where there is a high level of assessed cyber risk.

Level 3 Certification – 144 Controls: This requires Supplier organisations to demonstrate expert cyber security capabilities which take full advantage of the ‘defence in depth’ methodology—to appropriately protect the organisation against new and evolving threats. This is usually assigned where there is substantial level of risk.

If you would like to work with the MOD for any contracts – current or in future – then completing the DCC may become an important factor for applicants to be considered. The DCC does not only benefit these organisations, but is a valuable certification for any business looking for an opportunity to differentiate from competitors and improve their security posture and resilience. Holding the DCC enables you to showcase credibility and commitment to cyber resilience to your customers and stakeholders, building trust and displaying reliability.

As a certification body for the DCC, we can help you implement and achieve certification. For further information, please visit our dedicated DCC page.

If you have any more questions, or wish to get started, please get in touch with our team for further information.

Related Posts

Asset Management – If You Can’t See It, You Can’t Secure It
Asset Management – If You Can’t See It, You Can’t Secure It
Gallery

Asset Management – If You Can’t See It, You Can’t Secure It

March 30, 2026
The Roadmap to Cyber Resilience: Building on the Foundations
The Roadmap to Cyber Resilience: Building on the Foundations
Gallery

The Roadmap to Cyber Resilience: Building on the Foundations

January 21, 2026
How Well Do You Know Your Incident Response Plan?
How Well Do You Know Your Incident Response Plan?
Gallery

How Well Do You Know Your Incident Response Plan?

November 26, 2025
Did You Know NCSC’s Cyber Assessment Framework (CAF) Has Been Updated?
Did You Know NCSC’s Cyber Assessment Framework (CAF) Has Been Updated?
Gallery

Did You Know NCSC’s Cyber Assessment Framework (CAF) Has Been Updated?

November 5, 2025