• Have a question? Call us : +44 (0) 1256 744 780


Defence Cyber Certification

2026-07-02T08:05:50+00:00

DEFENCE CYBER CERTIFICATION (DCC)

Certified to Strengthen Cyber Resilience in the UK Defence Supply Chain

We’re proud to announce that RightCue has been selected as a certifying body for all levels (Zero, One, Two and Three) of the Defence Cyber Certification (DCC), under the governance of the UK Ministry of Defence (MOD) and administered by IASME Consortium. This milestone affirms our strategic focus on secure, resilient cyber operations that empower businesses to thrive in highly regulated and sensitive sectors like defence.

RightCue Knowledge Hub

The complete guide for UK Defence Suppliers

Everything you need to know: levels, scoping, the assessment process and how to prepare.

Official Certification Body · Levels 0–3
RightCue, an official MOD and IASME certification body

What is a Defence Cyber Certification?

The Defence Cyber Certification (DCC) is a comprehensive cybersecurity framework developed by the UK Ministry of Defence and delivered by IASME. It aims to strengthen the cyber resilience of the UK’s defence sector by providing a structured certification process for suppliers.

DCC offers a single, organisation-level assurance that suppliers can present in support of UK Defence procurements. Certifications are subject to annual check-ins and re-certification every three years. To keep your certificate valid you also maintain your underlying Cyber Essentials or Cyber Essentials Plus certification and complete an annual attestation.

Being certified against this standard ensures suppliers meet and maintain robust cybersecurity across their organisation.

Key objectives:

  • Protect MOD supply chain integrity

  • Provide confidence in supplier cyber maturity

  • Reduce cyber risks across national defence infrastructure

This certification is part of a broader national effort to bolster cyber resilience in industries critical to national infrastructure.


What are the Different Levels of the Certification?

The DCC framework comprises four levels, each corresponding to the assessed cyber risk associated with a supplier’s output:

  • Level Zero (3 Controls): For suppliers with a very low level of assessed cyber risk. Requires demonstration of basic cyber security practices, built on a valid Cyber Essentials certificate.

  • Level One (101 Controls): For suppliers with a low to moderate level of assessed cyber risk. Requires a comprehensive cyber security programme with good practices, built on Cyber Essentials.

  • Level Two (139 Controls): For suppliers with a high level of assessed cyber risk. Requires advanced cybersecurity oversight and planning, including Cyber Essentials Plus certification.

  • Level Three (144 Controls): For suppliers with a substantial level of assessed cyber risk. Requires expert cybersecurity capabilities and Cyber Essentials Plus certification.

Each level builds on the one below it, so the number of controls grows with the assessed risk. You do not have to start at Level Zero. You can apply for the level you need and move up later through a fresh assessment at the higher level.


Let’s build resilience together

RightCue is here to guide you through the DCC process

The Certification Process

As an official Certification Body for Levels 0 to 3, RightCue guides you through the whole DCC process. The four steps below describe a Level Zero assessment. Levels 1 to 3 follow the same path in greater depth, with the scope agreed up front and, at Levels 2 and 3, a likely physical site visit:

Start by contacting RightCue. We will help you understand the DCC Level Zero scope.

Important:

  • Before proceeding with DCC Level Zero, a Cyber Essentials certification needs to be in place.

Please be aware of the following:

  • Your Cyber Essentials certification must cover all internet-connected areas within the DCC scope.
  • DCC includes non-internet connected devices as well.
  • Some variation is expected (especially for larger organisations), and our assessor will seek contextual understanding.

If your Cyber Essentials scope does not adequately align, it is an automatic failure.

Prepare and submit your answers and evidence related to:

  • Your Cyber Essentials scope
  • Data security basics
  • GDPR compliance (data governance practices)
  • Network and system resilience (evidence of planning and recovery capability)

Our assessors will conduct a video session to:

  • Discuss submitted evidence
  • Clarify scope differences
  • Review supporting documentation

Based on your evidence, RightCue will determine your certification outcome. A successful assessment will result in a Level Zero certification valid for 36 months.

What This Means for You

  • A comprehensive, organisation-wide cyber security certification for suppliers in the defence sector

  • Consistent praise from our clients for exceptional customer service and high-quality deliverables.

  • Designed to strengthen the cyber resilience and security of the UK defence sector’s supply chain

“Although we aren’t permitted to write publicly for the company, I appreciate the strong and continuing relationship we have with RightCue. From my personal perspective, we have worked extensively with RightCue since 2023 and it’s consistently been a pleasure working with the team. I genuinely look forward to working with the team each year as we renew our Cyber Essentials+ certification as they consistently make what can be a challenging process much more manageable and even enjoyable.”

Large MOD Supplier

What is the Defence Cyber Certification (DCC)?

The Defence Cyber Certification (DCC) is a cyber security certification framework for UK defence suppliers, developed by the UK Ministry of Defence (MOD) and delivered through IASME. It gives suppliers a single, organisation-level way to demonstrate cyber resilience in support of UK defence procurements.

Is DCC mandatory to bid for MOD contracts?

No. DCC is currently not mandatory and you can still tender for MOD contracts through the normal process. Certifying early demonstrates cyber maturity and gives suppliers a competitive advantage.

What are the DCC levels?

There are four levels matched to assessed cyber risk: Level 0 (3 controls), Level 1 (101 controls), Level 2 (139 controls) and Level 3 (144 controls). All levels start with Cyber Essentials, and Levels 2 and 3 require Cyber Essentials Plus.

Do I need Cyber Essentials before DCC?

Yes. Cyber Essentials is the first requirement for every level. Levels 0 and 1 require Cyber Essentials, and Levels 2 and 3 require Cyber Essentials Plus, covering the right scope.

How long does DCC certification last?

DCC certification is valid for three years. You complete an annual attestation and maintain your Cyber Essentials or Cyber Essentials Plus certification, then recertify every three years.

Do I have to start at Level 0?

No. You can apply for the level you need without completing lower levels first, and you can move up later through a fresh assessment at the higher level.

Get Started with Defence Cyber Certification (DCC)

Speak to RightCue to get DCC certified
