Defence Cyber Certification (DCC) is becoming an increasingly important cyber assurance requirement for organisations working in, or looking to enter, the UK defence supply chain.
While DCC is an organisation‑level certification, it can be scoped proportionately based on contract requirements and the Risk Assessment Reference (RAR). It is aligned to Defence Standard 05‑138, which sets out the cyber security controls expected of suppliers depending on the level of cyber risk associated with the work they support.
Most suppliers are not starting from zero. Many already have controls in place through Cyber Essentials, Cyber Essentials Plus, ISO 27001 or established internal security processes. The challenge is understanding how those controls align to Defence Standard 05‑138 and whether there is sufficient evidence to demonstrate this during assessment.
This is where preparation often becomes difficult.
The DCC Readiness Checklist focuses on the areas that most commonly cause problems during readiness reviews and assessment preparations. It is designed to help organisations sense‑check their current position, identify gaps early and avoid rushed remediation once tenders, onboarding or certification activity begins.
Download the checklist to:
- understand what DCC is likely to mean for your organisation
- identify where existing controls already support DCC requirements
- highlight gaps in governance, technical controls or supporting evidence
- prepare more confidently for future bids, onboarding or assessment activity