In today’s complex threat landscape, demonstrating robust cyber resilience is essential to compete for MOD and defence sector contracts. The new Defence Cyber Certification (DCC) framework — developed by the MOD in partnership with IASME — sets a high bar for supplier cyber assurance across the defence supply chain.

At Advent IM, we support organisations of all sizes to confidently navigate the DCC lifecycle — from readiness assessments and gap analysis, implementation support to certification and ongoing compliance. Our deep experience in information security, defence assurance, and secure-by-design principles ensures you’re not just compliant, but positioned for long-term success.

The Defence Cyber Certification (DCC) is a comprehensive, organisation-wide cyber security certification framework for suppliers in the UK defence sector.  It provides assurance of organisational cyber resilience and aligns to broader international standards and best practice and is designed to strengthen cyber resilience and security of the UK defence sector’s supply chain. Rather than repeating assessments for individual contracts, DCC provides a single certificate that will cover all your contracts to the certified level.  Successfully obtaining and maintaining certification under the DCC scheme is a clear demonstration of an organisation’s ongoing commitment to cyber resilience in support of continued improvement to cyber resilience in UK Defence.

Key features of the DCC include:

• Organisation-wide assurance – it assesses your entire cyber security posture rather than individual systems or projects.
• Tiered certification levels – four levels (Level 0 to Level 3), aligned to risk and controls in Defence Standard 05-138.
• Baseline requirements – all levels require Cyber Essentials at minimum, with higher levels requiring Cyber Essentials Plus.
• Extended certification lifecycle – valid for up to three years with annual attestations, reducing repetitive contract-by-contract assessments.

This new approach reflects the MOD’s shift towards proactive, risk-based supplier assurance that aligns with broader international and industry best practice frameworks.

Achieving Defence Cyber Certification requires clear evidence of control implementation, scalable governance practices, and alignment to the DCC standard. Advent IM helps you navigate every step with confidence:

1. DCC Readiness Assessment

We conduct a detailed review of your current cyber security posture against the relevant DCC level. This includes mapping existing controls, identifying gaps, and defining practical remediations.

2. Scope Definition & Control Alignment

DCC scope must cover all applicable organisational functions. We help define the appropriate boundaries and align technical, procedural, and governance controls with Defence Standard 05-138 requirements.

3. Implementation & Evidence Preparation

Our consultants assist with policy development, control implementation, evidence preparation, and documentation — ensuring your submission meets the IASME assessment criteria.

4. Assessment Facilitation

We guide you through the IASME certification process, liaise with assessors, and provide practical support to maximise your assessment outcome.

5. Ongoing Compliance & Continuous Improvement

DCC certification is a journey, not a tick-box. We help you plan for annual attestations and maintain resilience over the full certification lifecycle.

Whether you’re already embedded in the defence sector or planning to tender for future MOD work, achieving Defence Cyber Certification can:

• Strengthen your position in MOD procurement and defence supply chains.
• Demonstrate organisational commitment to cyber resilience.
• Reduce redundant per-contract assessments.
• Build confidence with primes, partners, and regulators.