- +44 (0)1480 775555
- [email protected]
The Defence Cyber Certification (DCC) is a UK Ministry of Defence (MOD) endorsed scheme designed to improve the cyber resilience of the MOD supply chain. It ensures that all suppliers, regardless of size, meet proportionate levels of cybersecurity based on the sensitivity of the contracts they support. Managed by IASME, the scheme offers a clear framework to demonstrate compliance with MOD cyber requirements.
The DCC categorises suppliers into four certification levels (Level 0–3) based on the assessed cyber risk of the MOD contract. Each level reflects increasing expectations of cybersecurity controls, planning, and governance, from basic cyber hygiene at Level 0 to sophisticated “defence in depth” strategies at Level 3.
Each certification level is linked to a defined number of controls, combining technical measures with broader organisational security governance, and mapping to established frameworks like Cyber Essentials, GDPR, and Cyber Essentials Plus.
At StarSwift, we help defence suppliers of all sizes meet DCC requirements confidently. From initial risk mapping to evidence preparation and assessment readiness, we offer deep MOD and cyber compliance expertise. Whether you’re aiming for Level 0 certification or preparing a Level 3 audit, our tailored support ensures you meet your contract’s cyber expectations.
Each DCC level corresponds to the level of cyber risk identified in your MOD contract. The framework is structured as follows:
For very low risk contracts. Requires:
The focus is on foundational cyber hygiene to protect minimal-risk data.
For low to moderate risk contracts.
Introduces governance controls including defined roles, responsibilities, and oversight structures.
Builds upon Level 0 by introducing layered organisational measures alongside technical controls.
For high-risk contracts. Requires:
For substantial-risk contracts.
Designed to counter sophisticated threat actors, this level introduces an additional 5 complex controls beyond Level 2.
Emphasises a ‘defence-in-depth’ model and mature security capabilities across systems and people.
Defence Cyber Certification enables suppliers to demonstrate operational resilience and cyber maturity to MOD buyers. StarSwift offers streamlined, expert-led pathways to compliance that align with evolving MOD expectations.
Clear progression from basic to advanced cybersecurity controls depending on your contract’s sensitivity.
Structured around industry-recognised frameworks that promote confidence in defence procurement.
Enables organisations to meet cyber protection standards embedded in MOD contract clauses.
Drives continuous improvement in security governance, planning, and operational response.
StarSwift brings practical experience supporting MOD-aligned audits, supply chain reviews, and certifications.
Get in touch today to find out more about the Defence Cyber Certification (DCC), and how the we can help your organisation.
Find the most frequently asked questions and find your answer
DCC is a MOD-backed certification for all suppliers that deliver outputs under MOD contracts, ensuring proportionate cybersecurity based on contract risk.
There are four: Level 0 (Basic), Level 1 (Enhanced), Level 2 (Advanced), and Level 3 (Expert), each with increasing control depth.
Your MOD contract will specify the Cyber Risk Level (Very Low to Substantial), which maps directly to a DCC certification level.
Yes. Level 0 requires Cyber Essentials, while Level 2 and above requires Cyber Essentials Plus.
Level 3 introduces five complex new controls for advanced threat detection, response planning, and operational resilience, on top of Levels 1 and 2.
Yes. You can move between levels if your contract scope or risk profile changes.
Level 0 and 1 may take a few days; Level 2 and 3 can take 2–6 weeks depending on readiness and audit requirements.
Absolutely. From risk profiling and readiness reviews to submission and audit management, we support you end to end.
Yes. Sub-tier suppliers handling sensitive information or systems must also demonstrate compliance with the appropriate DCC level.
Musketeer Solutions
Business Director Peterborough, Management Consultancy East Anglia
We are incredibly pleased with the outstanding service provided by Rob Lancaster of StarSwift in supporting us through the Cyber Essentials certification process and delivering ongoing IT security services. Rob has worked with us for several years and established an excellent understanding of our business and requirements.
Hallinans
Namita, Managing Director
We were fortunate to be invited to work with Rob and he made the process seamless, straightforward and without the jargon and complication that often comes which computers and technology. Rob’s knowledge is first rate as is his swift communication and competitive pricing. Options were always provided to us along with reasoning and recommendation. Cannot recommend Rob and StarSwift highly enough.
Lone Star Analysis
Kat Simmonds, CoS
Well organised, Rob is very clear in his explanations and communicates well throughout the assessment.
Growth Studio Group
Andy Bennett, Director
Rob was extremely helpful and responsive to questions we had with our Cyber Essentials Certification. It made the whole process seamless.
