Skip to contentAbout Fig Group
Defence Cyber Certification · L0

DCC Level 0, from £999.99 + VAT.

The entry point for UK MOD supplier cyber assurance. Documentation-led review against the MOD Cyber Security Model v4, three-year certificate validity, Cyber Essentials prerequisite included. Fig Group is IASME-licensed at Level 0.

Buy DCC L0 Micro Talk to a DCC assessor

£999.99

Starting price (Micro tier, ex VAT)

Very Low

Cyber Risk Profile this tier maps to

3 years

Certificate validity, annual attestation

DCC trust evidence

DCC evidence buyers should verify

Defence Cyber Certification buyers usually need four proof points before procurement approval: licence scope, price basis, Cyber Essentials prerequisite handling, and where the claim evidence lives.

Official IASME directory

Licence

IASME licence evidence

Fig Group publishes its IASME licence evidence and DCC Level 0 / Level 1 scope so procurement teams can verify the certification route before they buy.

Verify IASME licence

Pricing

Published DCC price logic

Level 0 is flat-priced by organisation size. Level 1 is range-priced because contract context, evidence maturity, sites, cloud footprint, and remediation need vary.

Review DCC pricing

Prerequisite

Cyber Essentials route included

DCC Level 0 and Level 1 require Cyber Essentials as the prerequisite. Fig can issue that prerequisite inside the DCC engagement where needed.

CE for defence suppliers

Claims

Claims tied to evidence

DCC speed, pricing, licence, and route claims are linked back to public trust pages rather than left as unqualified sales copy.

Review claim evidence

Practical rule: if the contract names Very Low Cyber Risk Profile, start with Level 0. If it names Low Cyber Risk Profile, start with Level 1. If it names Moderate or High, ask for a specialist L2/L3 referral rather than buying the wrong engagement.

DCC Level 0DCC Level 1Cheapest DCC support

Pricing

Flat-priced by organisation size

L0 scope is a constrained documentation review, so the fee is flat per tier - no scoping surcharge, no consultancy retainer, no quote round.

DCC Level 0

Basic · Very Low CRP

Micro

1-9 employees

£999.99+ VAT

One-off · 3-year validity

  • Cyber Essentials prerequisite included
  • L0 assessment against MOD CSM v4
  • 3-year certificate validity
  • Annual attestation support
Buy now
Most popular

Small

10-49 employees

£1,499.99+ VAT

One-off · 3-year validity

  • Cyber Essentials prerequisite included
  • L0 assessment against MOD CSM v4
  • 3-year certificate validity
  • Annual attestation support
Buy now

Medium

50-249 employees

£2,499.99+ VAT

One-off · 3-year validity

  • Cyber Essentials prerequisite included
  • L0 assessment against MOD CSM v4
  • 3-year certificate validity
  • Annual attestation support
Buy now

Large

250+ employees

£4,999.99+ VAT

One-off · 3-year validity

  • Cyber Essentials prerequisite included
  • L0 assessment against MOD CSM v4
  • 3-year certificate validity
  • Annual attestation support
Buy now

What L0 covers

Three things every L0 engagement delivers

01 · Documentation-led review

Evidence on paper, verified by an assessor

L0 is a documentation review against a constrained requirement set. The assessor confirms governance, identity, device, and supply-chain controls match what your evidence shows - no on-site testing or external scanning at this tier.

02 · MOD CSM v4 mapping

Mapped to the official spec

L0 assesses against the MOD Cyber Security Model v4 (updated December 2025) - the same specification used for higher DCC tiers, scoped to the controls relevant for Very Low Cyber Risk Profile contracts.

03 · Prerequisite included

CE bundled into the L0 fee

L0 requires a current Cyber Essentials certificate. If you don't already hold one, Fig issues it within the L0 engagement at no additional cost - so suppliers don't have to manage two parallel purchases.

The L0 process

From CRP confirmation to certificate

Five stages from purchase to issued certificate. Most prepared organisations complete L0 inside 2-3 weeks.

  1. 01

    Step 1

    Confirm CRP and scope

    We verify the contract requires Level 0 (matching its Cyber Risk Profile) and confirm the legal entity and asset scope that needs to appear on the certificate.

  2. 02

    Step 2

    CE prerequisite issued

    If you don't already hold Cyber Essentials, the baseline is issued same-day for compliant submissions. The L0 fee already covers this - no separate invoice.

  3. 03

    Step 3

    Evidence collection

    You provide governance, identity, device, and supply-chain control evidence. Most documents are already produced for CE - L0 extends the scope rather than starting fresh.

  4. 04

    Step 4

    Assessor review

    An IASME-licensed assessor reviews the documentation against the MOD CSM v4 control set. Findings are returned with structured remediation guidance.

  5. 05

    Step 5

    Certificate issued

    Pass: DCC Level 0 certificate issued, listed in the IASME DCC register, valid for three years with annual attestation. Engagement typically completes inside 2-3 weeks.

Who needs Level 0

Three buyer profiles

L0 is the right tier when the contract specifies a Very Low Cyber Risk Profile. Three supplier types most often land here.

Tier-2 / tier-3 MOD suppliers

Subcontractors to defence primes whose flow-down obligations specify a Very Low Cyber Risk Profile. L0 satisfies the contract without forcing higher-tier engagement costs.

Professional services into MOD

Consultants, recruiters, training providers, legal and accountancy services contracted into MOD work where data sensitivity is limited. L0 maps cleanly to lower-risk advisory engagements.

New defence-sector entrants

First-time defence suppliers stepping up from Cyber Essentials. L0 establishes the baseline DCC track record before bidding for higher-risk contracts that require L1 or above.

Important

Cyber Essentials is required, but already included

DCC Level 0 requires a current Cyber Essentials certificate as a prerequisite. If you don’t already hold one, Fig issues it within the L0 engagement at no additional cost - no separate purchase, no second invoice.

If you have CE

Buy L0 directly. We verify your existing CE certificate and proceed straight to L0 evidence collection.

See Cyber Essentials

If you don't yet

Buy L0. Fig issues the CE prerequisite same-day for compliant submissions, then runs the L0 engagement against the new certificate.

Buy DCC L0 Micro

L0 vs L1

How Level 0 differs from Level 1

Both tiers are IASME-licensed DCC engagements. The right tier depends on the Cyber Risk Profile the contract specifies.

Level 0

Documentation-led review

  • Maps to Very Low Cyber Risk Profile
  • Flat per-tier pricing (£999.99 - £4,999.99)
  • 2-3 week typical engagement
  • CE prerequisite, no L1 consultant
  • No on-site or technical testing

Level 1

Consultant + platform engagement

  • Maps to Low Cyber Risk Profile
  • Range pricing (£9,999.99 - £49,999)
  • 6-10 week typical engagement
  • Dedicated consultant + Fig platform
  • Three remediation rounds before assessment
See DCC Level 1 in detail

FAQ

Level 0 questions answered

How do I know I need DCC Level 0 specifically?

The contract or prime contractor specifies the required level based on the Cyber Risk Profile (CRP). Level 0 maps to Very Low CRP. If the contract requires Low, Moderate, or High CRP you need Level 1, 2, or 3 instead. Suppliers do not choose their own level - if uncertain, ask the contracting authority.

What's included in the L0 fee?

Cyber Essentials prerequisite (issued by Fig if you don't already hold it), the L0 assessment against MOD CSM v4, certificate issuance, three years of certificate validity, and annual attestation support. No separate consultancy or scoping invoices.

How long does Level 0 take?

Typically 2-3 weeks for a prepared organisation. The longest variable is evidence collection - L0 extends Cyber Essentials scope into governance, identity, device, and supply-chain documentation, so organisations with mature CE evidence move faster.

Do I need Cyber Essentials before DCC L0?

Yes - L0 requires a current Cyber Essentials certificate as a prerequisite. If you don't already hold it, Fig issues it within the L0 engagement at no additional cost. There is no separate Cyber Essentials invoice when you buy L0 from us.

How does L0 differ from Level 1?

L0 is a documentation-led review at a flat published price. L1 adds a formal scoping engagement, dedicated consultant, platform-supported gap analysis, and is priced as a range rather than flat (because L1 scope complexity varies materially). L1 is required when the contract specifies Low CRP rather than Very Low.

How long is the certificate valid?

Three years from issue, with annual attestation. The annual attestation confirms that controls remain in place during the validity window - it's a lighter check than the initial assessment, not a full re-issue.

DCC Level 0, on a published price.

Pick your tier, buy direct, and have your DCC L0 engagement scheduled - or talk to an IASME-licensed assessor first if you need to confirm your contract requires Level 0.

Buy DCC L0 Micro Back to DCC hub