Question 1

What is DCC Level 0 certification?

Accepted Answer

DCC Level 0 is the entry-level certification under DefStan 05-138, the UK Ministry of Defence standard for cyber security in the defence supply chain. It is designed for suppliers with a very low assessed cyber risk and is built around three controls: Cyber Essentials as the pre-objective, UK GDPR compliance, and resilient networks and systems.

Question 2

Who needs DCC Level 0 certification?

Accepted Answer

UK defence suppliers whose work carries a very low assessed cyber risk, where a prime contractor or the MOD asks for Level 0 certification under DefStan 05-138. It is the starting point for SMEs entering the defence supply chain and is often where suppliers begin their DCC journey before moving to Level 1 as contracts grow in sensitivity.

Question 3

What does DCC Level 0 cover?

Accepted Answer

Level 0 is built on three DefStan 05-138 controls: Cyber Essentials (as the pre-objective), UK GDPR compliance, and resilient networks and systems. It focuses on basic cyber hygiene and is narrower than Level 1, which adds controls covering identity and access, asset management, physical security, personnel vetting, and incident response.

Question 4

How long does DCC Level 0 certification take?

Accepted Answer

Most organisations can complete Level 0 in four to eight weeks once they begin gathering evidence, though it varies with the state of your existing controls. Holding Cyber Essentials in advance covers the pre-objective for Level 0. Using Snubnose, scoping takes minutes and AI-assisted validation catches gaps before submission, which shortens the path to assessment significantly.

Question 5

What is DefStan 05-138?

Accepted Answer

DefStan 05-138 (Issue 4, May 2024) is the UK Ministry of Defence standard that defines cyber security requirements for the defence supply chain. It sets out the control framework that DCC is assessed against, structured into four progressive levels (0 to 3) of increasing security maturity, so that suppliers can match their certification to the sensitivity of the work they do.

Question 6

How does DCC Level 0 differ from Cyber Essentials?

Accepted Answer

Cyber Essentials is itself the pre-objective for DCC Level 0, so holding CE covers the largest piece of Level 0. What DCC Level 0 adds on top are two further DefStan 05-138 controls: UK GDPR compliance and resilient networks and systems. Level 0 is closely aligned with Cyber Essentials in scope. It is Level 1 and above that introduce the broader defence-specific requirements around identity and access, asset management, physical security, and personnel vetting.

DCC Level 0 certification,
made simple.

Everything you need for Level 0.
In one workspace.

Clear requirements.

Self-guided scoping.

Evidence that assessors can actually read.

Three controls.
One certification.

Cyber Essentials

UK GDPR compliance

Resilient networks and systems

Start at Level 0.
Grow with your contracts.

Basic.

Foundational.

Advanced.

Expert.

Start your
certification.

DCC Level 0 certification,made simple.

Everything you need for Level 0.In one workspace.