The Defence Industry Security Program (DISP) is the membership program a business must hold to work on Defence contracts that involve security requirements. It is administered by Defence, underpinned by the Defence Security Principles Framework, and sets requirements across four security domains and four membership levels, mapped to the Australian Government information classifications. Since 15/11/2025, all members must also meet the ASD Essential Eight at Maturity Level 2.
For a business that wants to work with Defence, DISP membership is often the entry ticket. This page explains the four security domains, the four membership levels and what each allows, the Essential Eight requirement that now applies to every member, and how to prepare for and keep membership.
Overview
What is the DISP?
The Defence Industry Security Program is the framework through which Defence assures the security of the businesses it works with. It is administered by the Defence Industry Security Branch within the Department of Defence and is underpinned by the Defence Security Principles Framework, specifically Principle 16. Membership gives Defence confidence that a supplier can protect Defence people, information, and assets, and gives the supplier access to classified work and sponsorship for security clearances.
The program is built on the same protective security thinking as the PSPF, applied to the defence-industry context.
The structure
The four security domains and membership levels
DISP requirements are set across four security domains: security governance and risk management, personnel security, physical security, and information and cyber security. A business selects a membership level for each domain, from Entry Level, through Level 1, Level 2 and Level 3.
The levels map to the information classifications: Entry Level corresponds to OFFICIAL and OFFICIAL: Sensitive; Level 1 to PROTECTED; Level 2 to SECRET; and Level 3 to TOP SECRET. A business can hold different levels across the domains, but the security governance level must always match or exceed the highest level held in any other domain. Clearance sponsorship is not available at the Entry Level.
Cyber requirement
The Essential Eight Maturity Level 2 requirement
Cyber security has become the sharpest DISP requirement. Following the conclusion of assessments against the top four mitigations on 15/11/2025, all DISP members are now required to achieve and maintain the full ASD Essential Eight at Maturity Level 2 across the corporate ICT environment they use to deal with Defence.
This is a significant lift for many suppliers. The Essential Eight is explained in the cyber security pillar, and meeting Maturity Level 2 is now a condition of membership rather than an aspiration.
Membership
How to prepare for and maintain membership
Preparing for DISP membership means assessing where the business stands against the requirements in each of the four domains, closing the gaps, and assembling the evidence Defence will want to see. The cyber domain, with its Essential Eight Maturity Level 2 requirement, is usually the longest pole.
Membership is not a one-off. Members must maintain their security posture, report changes, and continue to meet the requirements of the levels they hold, including the Essential Eight obligation. Treating DISP as an ongoing program, not a certificate, is what keeps a supplier eligible for the work.
How we help
How Agilient supports DISP membership
Agilient helps defence-industry businesses achieve and maintain DISP membership across all four domains. As an Australian-owned security consultancy active in the defence sector, with membership of the Ai Group Defence Council and the Australian Industry and Defence Network, Agilient understands what Defence expects of its suppliers.
DISP readiness assessment
Where you stand against the requirements in each domain.
Security governance and risk
The governance and risk management program expects.
Personnel security
Screening, clearances and ongoing suitability.
Physical security
Facility security to the level you are seeking.
Information and cyber
Uplift to the Essential Eight at Maturity Level 2.
Membership maintenance
Keeping your posture and evidence current.
Agilient works across Sydney, Melbourne, Brisbane, Adelaide and Canberra.
Get DISP-ready, across all four domains
A readiness assessment shows where you stand against the DISP requirements and what it will take to reach the membership level your Defence work needs.
FAQs
Frequently asked questions
What is the DISP?
What are the four DISP security domains?
What are the DISP membership levels?
Do DISP members have to meet the Essential Eight?
Can you get a security clearance at Entry Level?
References
- Department of Defence, Defence Industry Security Program, defence.gov.au
- Department of Defence, DISP cyber and assurance — Essential Eight Maturity Level 2, defence.gov.au
- Department of Defence, Defence Security Principles Framework (Principle 16), defence.gov.au