Governance, Risk and Compliance
Defence Industry Security Program
End-to-end Defence Industry Security Program (DISP) services to assist with all stages of the process. Outcomes that ensure alignment with all requirements under DISP, DSPF and PSPF to support application lodgement and on-going compliance.
The Australian Defence Industry Security Program (DISP) is a principle within the Defence Security Principles Framework (DSPF). DISP is specific to industry that is contracted to complete work which involves Defence information. All industry with access to Defence information must hold a DISP Membership and must continuously apply the requirements.
At CyberCX, we encourage all organisations that have plans to work with Defence to review the DISP requirements and progress towards obtaining membership.

Benefits of Defence Industry Security Program (DISP) for Australian organisations


Understand Defence nuances
The DISP Membership process can be complex and requires a specific understanding of expectations and requirements. We provide expertise to ensure the journey is straightforward.
Assistance at any stage
Regardless of where you are in your DISP Membership journey, our experts can support you in your next steps.
Technical guidance to support unique solutions
There is no one-size-fits-all approach for Defence environments. We can provide advice and technical assistance to ensure that solutions meet business needs and Defence security requirements.

What is the Defence Industry Security Program?
DISP is a multi-level, membership-based program underpinned by the Defence Security Principles Framework (DSPF). DISP has four membership levels within four security domains. Membership levels align with Australian Government security classifications and are determined by the level of information an Industry Entity is accredited to handle.
The following table shows the DISP Security Domains that encompass the DISP requirements. An entity can hold a different security level within each domain, determined by the classification of the data it holds. The designated level determines the required security controls. The exception is the Security Governance Domain, which must be equal to the highest level of the other domains.
| Level | Security Governance | Personnel Security | Physical Security | Information Security |
|---|---|---|---|---|
| Entry level | OFFICIAL / OFFICIAL: Sensitive | OFFICIAL / OFFICIAL: Sensitive (Baseline) | OFFICIAL / OFFICIAL: Sensitive | OFFICIAL / OFFICIAL: Sensitive |
| Level 1 | PROTECTED (Baseline) | PROTECTED (Baseline) | PROTECTED | PROTECTED |
| Level 2 | SECRET | SECRET (NV1) | SECRET | SECRET |
| Level 3 | TOP SECRET | TOP SECRET (NV2) | TOP SECRET | TOP SECRET |


Why choose CyberCX for DISP?
DISP Membership is for all organisations that are seeking to complete work with Defence. Defence contractual obligations will stipulate that DISP membership needs to be obtained prior to commencing work and being granted access to Defence information.
The purpose of this process is to ensure that there is a secure and resilient defence industrial base, which is essential to meeting Australia’s strategic objectives and maintaining Defence’s capability edge. Through the implementation of DISP, Defence is assured that goods and services are delivered uncompromised. Accountabilities and responsibilities for security risk management are understood, and suitable risk reduction activities are applied to effectively manage industry security risks.
CyberCX has supported many organisations from across a wide range of industries in achieving and maintaining their DISP membership. With proven methodologies that can be tailored to your organisation’s specific context and requirements, a partnership with CyberCX will provide comfort that you’re following the right path to achieve your membership goals.
How do we measure maturity?
DISP requirements are broken into the 4 domains below. Each domain has specific requirements that organisations must meet. Implementing DISP requirements affects all parts of the organisation, including onboarding and offboarding processes, security awareness, physical security and ICT network requirements.


Security Governance
Ensures that there are people and processes in place to assist in the management of security within the entity.
Personnel Security
Ensures that entities implement and maintain policies and processes in accordance with the Australian Workforce Screening Standard AS4811-2022 and AGSVA security requirements.
Physical Security
Ensures that entities implement and maintain physical security and access controls for their facilities.
Information and Cyber Security
Ensures that entities implement and maintain information and cyber security controls to protect Defence information. Security controls must be implemented to meet the ASD Essential Eight Maturity Level 2.
Ready to get started?
Find out how CyberCX can assist in navigating the DISP process with key Defence insights and technical expertise

