We lead the cyber security component of DISP applications — the most complex and heavily assessed domain — and support integration with governance, personnel, and physical security requirements.
DISP Readiness
E8 Maturity
ML2 ON TRACK
Cyber Readiness
72%
2 of 5 cyber controls met
DISP covers multiple security domains, but cyber is where most applications stall. E8 ML2, ISM controls, and evidence standards are specific and unforgiving — and most SMEs don’t have the in-house capability to get it right on the first attempt.
A rejected or delayed application means lost contracts and missed opportunities in the defence supply chain. The stakes are too high to figure this out on your own.
DISP requires specific understanding of defence security practices, focused on DSPF and E8, that your internal team hasn't encountered before.
Assessment of your cyber security posture against DISP membership requirements to identify gaps and required uplift.
Closing the cyber gaps — implementing and documenting the controls Defence reviewers will look for, in the format they expect.
Assessment and uplift of your E8 maturity — the core prerequisite for DISP cyber requirements. Assessed and remediated as an integrated workstream.
The cyber and ICT security sections of your organisational security plan, written to DISP standards and ready for Defence review.
Compiled, structured evidence demonstrating E8 ML2 and ISM compliance — the artefacts Defence needs to process the cyber component of your application.
When Defence comes back with cyber-related queries during their assessment, we prepare and support your responses — accurate, evidenced, and timely.
Hands-on guidance to implement DSPF controls and build the documentation Defence expects.
Milestone-based delivery aligning your environment, controls, and documentation to E8 ML2 in step with DISP submission.
We prepare your DISP submission and CSQ for the cyber security domain, ensuring requirements are clearly evidenced and documented.
We support submission and Defence assessment activities for the cyber security domain, responding to queries and clarifications as they arise.
We evaluate your ICT and cyber security environment and controls against DISP membership requirements — E8 ML2 and DSPF-aligned obligations — and give you a clear picture of where you stand.
We close the cyber gaps — implementing ISM/ASD-aligned controls, building the cyber sections of your security plan, and progressing towards E8 ML2.
We prepare your DISP application and CSQ (Cyber-Security Questionnaire) for the cyber security domain, ensuring requirements are clearly evidenced and documented.
We support submission and Defence assessment activities for the cyber security domain, responding to queries and clarifications as they arise.
You've been told DISP is required and need to understand what's involved and how to meet the cyber security requirements.
Your environment introduces additional complexity, and you need to meet DISP cyber security requirements in a controlled and defensible way.
A contract or prime requirement demands DISP registration within a defined timeframe, and you need to move quickly.
DISP member
Supported a DISP member through annual security reporting by preparing cyber security evidence and completing the CSQ. The submission was accepted without a maturity action plan for cyber, indicating the evidence and responses met assessment expectations.
DISP member
Supported a DISP member to address findings from an Ongoing Suitability Assessment across governance and operational domains, ensuring recommendations were closed and evidence prepared for review.
Yes. Defence allows conditional membership pathways where ML2 gaps can be addressed post-membership under a defined action plan.
Preparation typically takes 3–6 months depending on your current maturity and documentation. Defence assessment timelines vary based on demand and prioritisation. Priority applications may be processed in around 90 days once assigned, while others may take longer depending on the queue. (Source: How to apply | Business & Industry | Defence)
For a prepared environment, we typically move from readiness assessment to submission in 3–4 months. Overall timelines depend on your starting position and Defence's assessment queue.
DISP covers governance, personnel security, physical security, and ICT and cyber security (including Essential Eight). We focus on the cyber security domain and support integration with the broader security requirements where needed.
Self-submissions may stall on evidence quality and interpretation of requirements. We bring experience aligning cyber security evidence to DISP expectations and supporting organisations through the assessment process.
Start with our free health check — scoped to E8 readiness. We'll give you an indicative view of your cyber security maturity and a realistic timeline. It gives you clarity on what's needed without any commitment.
DISP engagements are scoped and priced individually because the gap between current state and Defence's requirements varies widely. We'll give you a firm range after a free health check so you know what to allocate.