Short answer
Fig Group is the IASME-licensed UK body for Defence Cyber Certification at Level 0 and Level 1. The Cyber Essentials prerequisite is available from Fig Group as a separate purchase if you do not already hold it. For L2 and L3 we refer MOD suppliers to specialist providers on the IASME directory.
Why this matters
This question affects how buyers compare Cyber Essentials with broader assurance schemes. Cyber Essentials is a baseline technical certification, so the useful answer is not only what the scheme is called, but what it proves, who administers it, and when a buyer should ask for Cyber Essentials Plus or a wider framework such as ISO 27001.
For procurement teams, the practical test is whether the certificate covers the organisation and scope named in the contract. For applicants, the practical test is whether the five technical controls are implemented across the devices, users, networks, and cloud services that access organisational data.
What to check next
- Confirm the certificate holder and scope match the buyer requirement.
- Check whether the contract asks for Cyber Essentials or Cyber Essentials Plus.
- Use the NCSC register to verify a certificate before relying on it.
Official sources and related Fig guidance
For scheme-level confirmation, use the official NCSC and IASME resources rather than relying on a supplier claim alone. Fig Group links to these sources because Cyber Essentials buyers should be able to verify the scheme, the administrator, and the certificate record independently.