DISP readiness and ongoing compliance.
Achieve Defence Industry Security Program membership at the level your contracts require, then hold it with a managed annual practice.
DISP has shifted from approval to continuous assurance.
Since 15 November 2025, every DISP member must meet the full Essential Eight at Maturity Level 2 across in-scope corporate IT. The earlier Top 4 at Maturity Level 1 baseline has been retired. New applicants are assessed against the higher bar from the outset, and existing members are in scope for re-assessment and uplift.
Membership now carries a standing set of obligations: annual security reports, maturity action plan management, health checks and audit readiness. Acqsus delivers both sides. We do the one-time readiness work to get you in, and the ongoing practice to keep you there.
Assessed independently, against your target level.
Security Governance
Governance frameworks, formal risk management and board-level oversight.
Personnel Security
Clearances, access screening and personnel risk.
Physical Security
Facility and ICT physical protection.
ICT & Cyber Security
System hardening, the Essential Eight and technical controls.
Each domain is assessed independently against your target DISP level.
Membership tracks the information you handle.
Baseline membership. Sufficient for most subcontractors and vendors.
Baseline clearances, facility and ICT accreditation, formal risk management.
NV1 clearances, segregated networks, board-level governance and internal audit.
NV2 clearances, compartmented handling and continuous compliance reporting.
Assess your posture, close the gaps, prepare to apply.
One-time engagements that take you from where you stand to application-ready, or re-assessment-ready.
Four-Domain Gap Assessment
A complete baseline of your security posture across all four DISP domains, with a clear, prioritised path to application-ready.
- A clear picture of where you stand against the requirements.
- An executive briefing on your posture and recommended action.
- A prioritised remediation roadmap.
- A credible timeline to application-ready state.
Essential Eight ML2 Readiness
A focused cyber assessment aligned to the Defence Cyber Security Questionnaire at Maturity Level 2.
- Your cyber posture reviewed against the questionnaire.
- Essential Eight Maturity Level 2 readiness across the eight strategies.
- A Maturity Action Plan ready for the conditional membership pathway.
Discharge your ongoing DISP obligations as a managed service.
Predictable, audit-ready and board-reportable. We carry the standing obligations so your team can run the business.
Annual Compliance Assistance & Advisory
A standing line to senior security advice across the membership year.
Annual Security Report
Prepared, evidenced and submission-ready.
Maturity Action Plan Management
Tracked to closure against agreed target dates.
Essential Eight ML2 Drift Monitoring
Catching slippage before it becomes a finding.
OSA & Deep Dive Readiness Oversight
Prepared for Official Security Assessment and deep-dive review.
Quarterly Essential Eight Health Check
A regular control-level pulse on your cyber baseline.
Vendor Risk Program
Assessing and managing the risk your suppliers introduce.
Security Steering Committee Chair
Senior chairing of your security governance forum.
Audit Readiness
Evidence kept current, so an audit is a confirmation, not a scramble.
And more at scoping
Additional component services confirmed with you on a discovery call.
Three tiers, scoped to your level
| Component service | BasicCompliance essentials |
IntermediateTarget tier for most mid-market Level 1 and 2 |
AdvancedMature or highly regulated |
|---|---|---|---|
| Annual Security Report | ✓ | ✓ | ✓ |
| Maturity Action Plan Management | ✓ | ✓ | ✓ |
| Quarterly Essential Eight Health Check | ✓ | ✓ | ✓ |
| Essential Eight ML2 Drift Monitoring | – | ✓ | ✓ |
| Audit Readiness | – | ✓ | ✓ |
| OSA & Deep Dive Readiness Oversight | – | ✓ | ✓ |
| Annual Compliance Assistance & Advisory | – | – | ✓ |
| Vendor Risk Program | – | – | ✓ |
| Security Steering Committee Chair | – | – | ✓ |
Every service is available individually or as part of a bundle. We scope the right tier with you on a discovery call. Pricing is discussed in scoping, never published.
DISP, answered.
The Defence Industry Security Program is the framework that lets organisations work on Defence contracts that carry security requirements. Membership confirms that your governance, personnel, physical and ICT security meet a set baseline. If your contracts, or the contracts you are tendering for, require access to Defence information, facilities or systems, you will usually need DISP membership at the level the work demands.
From 15 November 2025, every DISP member must meet the full Essential Eight at Maturity Level 2 across in-scope corporate IT. The earlier Top 4 at Maturity Level 1 baseline has been retired. New applicants are assessed against the higher bar from the outset, and existing members are in scope for re-assessment and uplift.
The Essential Eight is the set of mitigation strategies published by the Australian Signals Directorate. Maturity Level 2 describes a defined, consistently applied implementation of all eight, assessed control by control. DISP now uses Maturity Level 2 as its cyber baseline because it reflects the level of discipline Defence expects of suppliers holding its information.
Membership is assessed across four domains: Security Governance, Personnel Security, Physical Security, and ICT and Cyber Security. Each is assessed independently against your target level, so a gap in one domain can hold up the whole application. We assess all four together and give you one prioritised plan.
It depends on where you start. A four-domain gap assessment runs over five to eight weeks. Closing the gaps that assessment finds varies with your current posture. Most organisations move from first conversation to active engagement within two to three weeks, and we give you a credible timeline to application-ready state as part of the assessment.
The levels track the classification of information and assets you handle. Entry covers OFFICIAL and OFFICIAL: Sensitive and suits most subcontractors. Level 1 covers PROTECTED. Level 2 covers SECRET, with NV1 clearances and segregated networks. Level 3 covers TOP SECRET, with NV2 clearances and continuous compliance reporting. We confirm the level your contracts actually require before you commit to it.
Find out which DISP level your contracts require.
Tell us your status and your timeline. We will give you the most direct path to membership and to holding it.