The digital landscape presents constant challenges, and the UK faces persistent threats ranging from sophisticated espionage to cyber-attacks. According to the Strategic Defence Review (SDR), which was published on 2 June 2025, in the year leading up to September 2024, there were 89 nationally significant cyber-attacks. This makes robust cybersecurity foundational to our national security, particularly within the UK’s vital defence supply chain.
While the MOD’s growing integration of digital, cyber, and electromagnetic capabilities is rightly seen as central to the transformation of our future defence capabilities, this increasing dependency also introduces new risks. Without simultaneously strengthening our digital security and operational resilience, we risk creating greater opportunities for adversaries to exploit. To address this crucial need for robust cyber security, the MOD in collaboration with its official delivery partner IASME, has launched the new Defence Cyber Certification (DCC). This comprehensive, organisation-wide cybersecurity framework is designed to significantly boost the digital resilience of the UK defence sector’s supply chain. Successfully obtaining and maintaining certification under the DCC scheme is a clear demonstration of an organisation’s ongoing commitment to cyber security in UK Defence.
What you should know about the DCC?
- Any organisation can apply, regardless of whether they’re a current defence contractor. The MOD will specify which contracts require it
- Certification lasts for three years, with annual check-ins to ensure ongoing compliance
- There are four levels of compliance (Zero, One, Two, Three), with the MOD determining the required level based on its cyber risk. You can apply for any level directly, without needing to initially complete lower levels first
- All levels require a Cyber Essentials certification, while levels Two and Three also demand a Cyber Essentials Plus accreditation
- This is not a self-assessment. All levels require a formal, independent evaluation to confirm compliance
How to get your DCC?
- You can register your interest for the DCC on the IASME website.
- Following this initial form, IASME will send you more information about the DCC scheme and a list of Certification Bodies (CBs) that can assess your organisation to the required level.
- Choose a CB, who will explain the process and provide cost estimates. Costs are not fixed; they depend on your organisation’s size, desired level, and support needed.
- Once you sign an agreement, the CB’s assessors will identify any gaps in your cybersecurity. They assess and advise, but don’t implement solutions.
- A successful assessment earns your organisation a certificate and a digital badge.
- If you do not pass, you will receive a report detailing areas for improvement and can reapply. Failed assessment details are kept confidential.
Are you interested in becoming a CB?
As of June 2025, the DCC scheme is currently in a pilot phase. IASME is actively accepting expressions of interest for new assessors.
Events to support your cyber resilience efforts
Webinar: Understanding the Defence Cyber Certification (DCC) with IASME
This webinar focused on the new Defence Cyber Certification (DCC). In collaboration with IASME, the MOD's official delivery partner for DCC, this session offers a unique opportunity to gain direct insights into this essential cybersecurity framework.
Read More
Webinar: Cybersecurity 101 – Addressing risk in a digital age
Join us and the Cyber Hub at the Department for Business and Trade to gain practical insights and tools needed to improve digital resilience and help mitigate the risks of cyber threats.
Read More
