The Defence Cyber Certification (DCC) is a cybersecurity scheme developed to raise the standards for digital protection across the UK defence supply chain. Introduced by the Ministry of Defence (MOD) in collaboration with IASME (the team behind Cyber Essentials), it’s part of a broader push to make cyber risk management an integrated part of doing business with defence.
Whether you’re a large defence contractor managing secure networks or a smaller company supplying software, equipment, or services, DCC is designed to ensure your cyber practices are fit for purpose. It forms a core part of the MOD’s Cyber Security Model (CSM) Version 4, which outlines how defence suppliers should handle sensitive data, systems, and risk.
What makes DCC different is its flexible, tiered approach. Rather than applying blanket requirements, the certification level you need depends on what kind of work you do and the potential impact of a cyber incident. Companies dealing with classified or high-sensitivity data, for instance, will face more stringent checks than those handling less critical tasks. This ensures that security expectations are fair, proportionate, and rooted in real-world risk.
Certification can involve both self-assessment and independent validation, depending on the tier. For businesses, certification not only builds trust with MOD buyers but also strengthens internal cyber hygiene, a growing necessity due to sophisticated cyberattacks and evolving global threats.