
Defence Cyber Certification
What is Defence Cyber Certification?
Defence Cyber Certification (DCC) is the Ministry of Defence’s formal cyber security certification scheme for suppliers across the UK defence supply chain.
Developed in partnership with the IASME Consortium and mandated by the Ministry of Defence, DCC provides a single, organisation-wide certification that verifies your cyber security controls against Defence Standard 05-138.
DCC replaces the previous per-contract Supplier Assurance Questionnaire (SAQ) approach. Instead of completing assurance documentation for every individual MOD contract, suppliers achieve a certification level aligned to their Cyber Risk Profile (CRP). Once certified, that assurance can be used across applicable contracts.
Certification is valid for three years, with annual attestations to confirm continued compliance.
Why DCC Matters

Demonstrates Defence-Grade Assurance
DCC provides independent validation that your organisation meets the MOD’s defined cyber security controls.

Reduces Repeated Compliance Burden
One certification replaces multiple contract-by-contract assessments.

Strengthens Competitive Position
Holding DCC demonstrates maturity and preparedness when bidding for defence work.

Improves Operational Resilience
DCC controls extend beyond basic cyber hygiene and require documented governance, risk management, and technical safeguards.
DCC Certification Levels
DCC has four levels aligned to the risk and sensitivity of defence contracts. Your required level is determined by the MOD through your contract’s CRP.
| Level | Control depth | Cyber Essentials requirement |
|---|---|---|
| Level 0 | Foundational baseline (3 core controls) | Cyber Essentials |
| Level 1 | Expanded organisational controls (101 controls) | Cyber Essentials |
| Level 2 | Advanced controls & evidence review (139 controls) | Cyber Essentials Plus |
| Level 3 | Highest assurance level (144 controls) | Cyber Essentials Plus |
Is DCC Right for Your Organisation?
You may require DCC if:
- You hold or are bidding for MOD contracts
- Your contract specifies a Cyber Risk Profile (CRP)
- You previously completed a Supplier Assurance Questionnaire (SAQ)
- You are moving into defence sector work
DCC is not optional where specified – it is a contractual requirement.

Base3 Offers Defence Cyber Certification Support
Base3 offers structured support to organisations seeking Defence Cyber Certification.
As a DCC Certification Body for Level 0, we can:
- Conduct formal Level 0 certification assessments.
- Guide you through Level 0 readiness.
- Help define scope and documentation requirements.
- Align your Cyber Essentials posture with DCC expectations.
- Provide gap analysis and structured preparation for higher levels.
We focus on clear scoping, evidence-based assurance, and practical implementation – not just paperwork completion.
If you are unsure which DCC level applies to your organisation, or whether your current controls would meet MOD expectations, we can help clarify your position and next steps.
Key Documentation & Resources
All official documentation can be found under the DCC section of the IASME website:
Help and Resources (guides and templates)
You can download the DCC overview document here:
https://iasme.co.uk/defence-cyber-certification/DCC-Overview.pdf
Defence Standard 05-138 (Issue 4)
The MOD’s formal control framework underpinning DCC:
https://www.gov.uk/government/publications/cyber-security-for-defence-suppliers-def-stan-05-138-issue-4
These documents define the controls, expectations, and evidence requirements for certification.