DEFENCE CYBER CERTIFICATION (DCC)
Get support from one of the UK's leading cyber security consultancies for defence
Fortis DPC is an accredited Defence Cyber Certification (DCC) Level 0 and Level 1 Certification Body, authorised by IASME and the Ministry of Defence (MOD) to independently assess and certify suppliers operating within the Defence Supply Chain.
As a specialist defence cyber consultancy with security-cleared assessors, Fortis DPC delivers DCC assessments and targeted readiness support to help you achieve and maintain certification with confidence.
What is DCC?
If you’re a supplier in the defence sector, you will already know how vital strong cyber security is in supporting the UK Ministry of Defence (MOD) in meeting its objectives. The UK MOD expects its supply chain to safeguard its sensitive information and maintain resilience against evolving threats. Failing to meet DCC requirements could result in lost MOD contracts and reputational damage across the defence supply chain. That’s where the Defence Cyber Certification (DCC) scheme comes in.
The DCC scheme is the MOD’s cyber security assurance process for its suppliers. Alongside the Defence Standard 05-138 Issue 4, it sets out the security controls organisations must have in place to protect defence information and services.
Our DCC Services
Independent Certification (Level 0 & Level 1)
As an accredited Certification Body, Fortis DPC delivers:
- Formal DCC assessments for Level 0 and Level 1
- Evidence review and validation
- Interviews with key personnel
- Assessment reporting and certification decisions
- Annual surveillance check-ins
- Three-year recertification assessments
Our assessors are security cleared and experienced in defence cyber requirements, ensuring a smooth, professional and proportionate assessment process.
DCC Readiness & Pre-assessment Support
Many organisations benefit from support before undergoing their formal DCC assessment. We provide structured readiness services that help you to prepare effectively:
- Gap analysis against DEFSTAN 05-138
- Review of policies, processes and technical controls
- Evidence preparation and documentation support
- Mock interviews and assessment walkthroughs
- Prioritised remediation plans
- Guidance on achieving compliance at Level 0 or Level 1
This support is particularly valuable if you are new to defence contracting or transitioning to the latest CSM v4 requirements.
Levels of Defence Cyber Certification
There are different levels of certification, depending on the cyber risk associated with your work:
- Level 0 – Very low level of assessed cyber risk to a Supplier delivering an output. It requires Supplier organisations to demonstrate basic cyber security practices.
- Level 1 – Low to moderate level of assessed cyber risk to a Supplier delivering an output. It requires Supplier organisations to demonstrate a comprehensive cyber security programme with good practices.
- Level 2 – High level of assessed cyber risk to a Supplier delivering a contracted output. It requires Supplier organisations to demonstrate advanced cyber security oversight and planning which drives robust organisational and cyber practices.
- Level 3 – Substantial level of assessed cyber risk from a Supplier delivering a contracted output. It requires the Supplier to demonstrate expert cyber security capabilities that fully take advantage of the ‘defence in depth’ methodology.
These Risk Profiles are defined by the Cybersecurity Model version 4.
The 5-Step Supplier Guide to Certification
Getting certified can feel overwhelming at first, but when broken down into five steps, the process becomes much more manageable. These steps are:
1. Define Your Scope
Remember, DCC isn’t just about the service you provide to the MOD; it applies to your whole organisation. That means the people, processes, technology, physical and data assets used by your organisation may need to be included in the scope of the DCC. At Fortis DPC, we help you translate this requirement into what it means for your organisation, so you know exactly what needs to be covered.
2. Gap Analysis
The next step is understanding where you stand against the DCC requirements. We can help you assess this, explain where the shortfalls are and, crucially, how you can meet the requirements in your specific context, showing you what’s achievable and realistic for your organisation.
3. Remediation
Once gaps are identified, it’s time to address them. We can provide clear technical advice, help you develop and refine processes, and create the documentation and supporting evidence you’ll need to demonstrate compliance.
4. Audit Preparation
For many organisations, the audit itself is the most daunting step. Your staff may not be used to being audited, and evidence gathering can feel overwhelming. We help prepare your teams by building confidence, providing advice and guidance, and reviewing your evidence package so everything is “audit ready”.
5. Certification
Finally, you’re ready to achieve certification. We can help you with this process by being present throughout, providing advice and guidance on any particularly difficult areas that you may be struggling to evidence.
Did You Know?
DCC certification is valid for 3 years but requires ongoing compliance checks.
How We Support You With Your DCC Requirements
Our role is to make the journey straightforward and achievable. We:
- Translate DCC requirements into language and actions relevant to your organisation.
- Provide expert advice on remediation, documentation and evidence-building.
- Build staff confidence in supporting an audit.
- Ensure you approach certification with no surprises.
With us by your side, you won’t just be “compliant” – you’ll be prepared, confident and ready to demonstrate your cyber resilience to the MOD.
