Cyber Security for Australian defence contractors
DISP, Essential Eight, and supply chain security for organisations supplying to Defence and the Commonwealth. Navigate compliance complexity with confidence.
The realities of defence contractor compliance
Every Australian defence contractor faces a similar set of challenges. Strategic Cyber is designed to solve them.
DISP complexity is evolving
Requirements span personnel security, physical security, cyber security, and governance. New guidance arrives regularly and you need to stay compliant without constant re-work.
Prime contract flow-down obligations
Your prime contractor's security requirements flow down to your organisation. You need to demonstrate maturity to win and renew contracts — and losing even one is costly.
Essential Eight ML2 is harder than expected
You know you need to achieve Maturity Level 2, but your current posture has gaps. Implementation takes time and expertise you may not have internally.
Reporting doesn't match reality
Your MSP or IT provider's reports don't map to Essential Eight or DISP requirements. You can't translate their findings into compliance evidence, leaving you exposed at audit.
How we help defence contractors
We combine deep DISP knowledge with practical implementation expertise to get you compliant and audit-ready.
Essential Eight Assessment & Uplift
Full ML2 gap assessment with roadmap and remediation support.
DISP Support
Cyber-focused DISP support — the most scrutinised part of the application, handled by specialists.
CSQ Completion Assistance
Accurate, evidence-based Cyber Security Questionnaire preparation.
IRAP Assessment
ASD-aligned assurance for systems handling classified defence data.
Security testing coordination
Independent network and application security testing.
You need expertise you can trust
Defence contractors need a partner who understands DISP inside and out — and has the credentials to back it up.
Canberra-based, local presence
We're in the heart of Australia's defence sector. Our Braddon office puts us within reach of Defence establishments, Commonwealth agencies, and defence contractors that shape Australia's security landscape.
Defence-cleared consultants
All team members hold current AGSVA security clearances. We understand the federal government operating context because we've worked within it, with it, and for it for years.
Deep DISP expertise
We live DISP compliance. From understanding the latest DSG guidance to navigating CSQ complexities, we know the program inside out — so you don't have to learn it alone.
In-house IRAP assessor
Our in-house IRAP assessor is ASD-accredited. If your defence supply chain work includes classified systems, you have the assurance capability you need without hunting for external resources.
The numbers that matter
Defence contractors ask us these
What is DISP and do we need it?
The Defence Industry Security Program (DISP) is managed by Defence Industry Security and Governance (DISG) and sets security requirements for organisations supplying defence capabilities. If you currently supply, or want to supply, defence equipment or services to the Australian Defence Force or Commonwealth, DISP membership is typically a prerequisite. Even if you don't supply Defence directly, meeting DISP-equivalent requirements helps you meet prime contractor obligations and positions you for growth.
Is Essential Eight ML2 a DISP requirement?
Essential Eight Maturity Level 2 is a core component of DISP cyber requirements. It's not the only requirement, but it's foundational. Your organisation must demonstrate E8 ML2 compliance across all 8 mitigation strategies as part of your DISP submission and ongoing membership.
How long does DISP preparation take?
Preparation typically takes 3 to 6 months depending on your current maturity. This includes gap assessment, remediation, documentation, and CSQ completion. The Defence assessment phase (after application submission) adds additional months. We work with you on a realistic timeline based on your starting point and available resources.
What happens if we're not ready for DISP yet?
That's exactly what our free health check is for. We give you an indicative view of your readiness, a realistic timeline, and a prioritised roadmap to get there. Many organisations start with Essential Eight assessment and uplift, then move into DISP preparation once they've achieved ML2. There's no judgment — only a practical pathway forward.
Can you help us prepare for IRAP assessment?
Yes. If your defence supply chain work involves classified information or cloud systems for government, IRAP assessment may be required. Our in-house IRAP assessor is ASD-accredited and we provide readiness work to prepare you. If formal IRAP assessment is needed, we coordinate end-to-end and support throughout.