DISP MEMBERSHIP
AUSTRALIA
The complete guide for Australian defence suppliers — requirements, levels, application process, costs, and how to achieve first-attempt approval.
WHAT IS DISP MEMBERSHIP?
Administered by DISO within the Department of Defence. Underpinned by the Defence Security Principles Framework (DSPF).
DISP membership is Australia's mandatory security accreditation framework for companies that supply goods, services, or technology to the Australian Department of Defence. Administered by the Defence Industry Security Office (DISO), DISP establishes minimum security standards across four domains that all defence suppliers must meet and continuously maintain.
Without DISP membership, Australian companies cannot legally access classified Defence information (PROTECTED or above), attend restricted briefings, work on or near Defence establishments, or hold certain contract types under the Commonwealth Procurement Rules. As the Australian defence budget grows toward 2.4% of GDP under the 2023 Defence Strategic Review, DISP membership is increasingly the entry ticket to the largest government procurement market in the country.
DISP is not a one-time certification. It is a continuous compliance obligation — members must submit an Annual Security Report (ASR) to DISO, maintain their security posture, complete mandatory security awareness training, and notify DISO of any material changes to ownership, key personnel, or the scope of Defence work. Failure to maintain compliance can result in suspension or cancellation of membership, which immediately disqualifies the company from holding active Defence contracts.
Full guide: What is DISP?AGSVA clearances for SO, FSO, and all staff accessing classified material.
Zone classifications, access controls, and SCIF requirements by level.
Essential Eight ML2 minimum across all in-scope systems.
Governance over subcontractors and third-party access to Defence material.
FOUR LEVELS OF DISP MEMBERSHIP IN AUSTRALIA
Each level unlocks access to higher classification tiers. Most SMEs begin at Baseline.
Entry point for most defence supply chain work. Required for the vast majority of Defence contracts.
Required for access to SECRET information. Facilities must be configured as Secure Working Areas (SWAs).
For organisations handling TOP SECRET information. Significantly elevated infrastructure requirements.
Positive Vetting — reserved for the most sensitive national security roles in the defence enterprise.
Choosing the correct membership level from the outset is critical. Applying for a higher level than your contract actually requires creates unnecessary complexity, cost, and processing delays. DISO assesses applications against the actual risk profile of the work — applying at the right level from the start is faster and cheaper.
Full guide: DISP membership levelsWHO NEEDS DISP MEMBERSHIP IN AUSTRALIA?
Any Australian entity — from sole traders to ASX-listed primes — accessing classified Defence information must hold DISP membership.
BAE Systems, Thales, Lockheed Martin, and other primes mandate DISP for all subcontractors as a condition of engagement. If you supply to a prime, you need DISP.
Companies supporting Defence networks, data centres, mission-critical systems, or classified ICT environments must hold DISP before accessing any classified system.
Companies working on Defence facilities, bases, shipyards, or infrastructure projects — including construction, maintenance, and facility management — require membership.
Legal, financial, consulting, and advisory firms that handle sensitive Defence information or advise on classified programmes are within scope of DISP requirements.
Organisations conducting research, development, or testing on Defence-funded programmes — including universities and research institutes — must hold appropriate DISP membership.
Small and medium enterprises entering the defence supply chain for the first time. DISO has specific SME guidance — membership is achievable with the right preparation.
HOW TO APPLY FOR DISP MEMBERSHIP IN AUSTRALIA
Readiness Assessment
Conduct a gap analysis across all four DISP security domains against your target membership level. Identify remediation requirements, estimate costs, and establish a realistic timeline. This stage determines whether you apply now or invest in uplift first.
Security Plan Development
Prepare the Security Plan — the centrepiece of your application. This comprehensive document must cover your governance arrangements, personnel security procedures, physical security controls, ICT security architecture, and industrial security obligations. Vague policy statements without supporting evidence are the single most common reason applications are returned.
IRAP Assessment
Engage an ACSC-accredited IRAP assessor to conduct a formal assessment of your Essential Eight posture. The assessment must cover all systems used to process, store, or transmit Defence information and must be no older than 12 months at the time of application. Address all findings before submission.
Personnel Clearances
Nominate your Security Officer (SO) and Facility Security Officer (FSO) and initiate AGSVA clearance processing for both roles. Applications cannot be assessed until cleared personnel are in place. Clearance processing can take 3–12 months depending on the level — start early.
DISO Submission & Assessment
Submit the completed application through the DISP Member Portal. DISO will conduct a detailed review, may request additional information or a site visit, and will issue a decision. A well-prepared, complete application at the right membership level is the most effective way to achieve first-attempt approval.
DISP MEMBERSHIP COSTS AND TIMELINES IN AUSTRALIA
No government fee. Total compliance cost for SMEs: $30,000–$100,000. Timeline: 3–12 months.
Cost Breakdown
Varies by scope and number of systems in scope
Consultant-led; higher for complex organisations
Depends on existing infrastructure and target level
AGSVA processing is funded by the Commonwealth
ASR preparation, monitoring, training, and reviews
Timeline by Level
Assuming complete application and cleared personnel in place
Personnel clearance processing is typically the critical path
Complex infrastructure and clearance requirements extend timelines
Most intensive assessment process; reserved for critical national security roles
Critical: Timelines assume a complete, compliant application submitted at the correct level. Incomplete applications are returned and restart the clock. The 67% first-attempt rejection rate means most organisations lose 3–6 months on their first submission.
WHY DISP MEMBERSHIP APPLICATIONS FAIL IN AUSTRALIA
Incomplete Security Plan
The Security Plan must be comprehensive, evidence-based, and cover all four security domains. Vague policy statements without supporting procedures, diagrams, or evidence of implementation are the single most common reason for rejection.
Key Personnel Not Cleared
The SO and FSO must hold appropriate AGSVA security clearances before the application is assessed. Applications submitted without cleared personnel in these roles are returned immediately.
IRAP Assessment Gaps
An IRAP assessment identifying Essential Eight gaps — particularly at ML2 — stalls an application until remediation is complete and a new assessment is conducted. Submitting before gaps are closed is a costly mistake.
Physical Security Non-Compliance
Failure to meet physical security requirements for the proposed membership level — including zone classifications and access controls — is a common rejection reason for companies that underestimate the infrastructure investment required.
Wrong Membership Level
Applying for a higher level than the contract requires creates unnecessary complexity and delays. Applying at the right level from the start is faster and cheaper.
Late Clearance Initiation
AGSVA clearance processing can take 6–12 months. Companies that initiate clearances at the same time as application submission — rather than 6–12 months earlier — find clearance processing on the critical path.
DISP MEMBERSHIP SUPPORT FOR AUSTRALIAN COMPANIES
Serious Defence has supported 50+ DISP engagements across Australian defence, ICT, engineering, and professional services sectors.
End-to-end DISP application management. We prepare your Security Plan, coordinate your IRAP assessment, manage your AGSVA clearance nominations, and guide your application through DISO assessment to first-attempt approval.
Learn morePurpose-built software for DISP compliance management. Automates Annual Security Reports, maps control evidence to DSPF requirements, tracks clearance expiry dates, and provides real-time compliance visibility.
Learn moreA fully managed, DISP-compliant ICT environment that meets Essential Eight ML2 requirements out of the box. Eliminates the need to build and maintain your own compliant infrastructure.
Learn moreDISP MEMBERSHIP AUSTRALIA — FREQUENTLY ASKED QUESTIONS
5 key questions about DISP membership for Australian defence suppliers.
What is DISP membership in Australia?
DISP (Defence Industry Security Program) membership is the Australian Government's mandatory security framework for companies supplying goods, services, or technology to the Department of Defence. Administered by DISO (Defence Industry Security Office), it requires companies to meet minimum security standards across personnel, physical, information, and industrial security domains.
Is DISP membership mandatory for Australian defence contractors?
Yes. DISP membership is mandatory for any Australian company that accesses classified Defence information (PROTECTED or above), works on or near a Defence establishment, or holds a contract requiring access to sensitive Defence material. Without it, companies cannot legally hold these contracts under the Commonwealth Procurement Rules.
How long does DISP membership take in Australia?
A well-prepared Baseline DISP application typically takes 3–6 months to process. NV1 and higher applications can take 6–12 months or longer due to personnel clearance processing. Incomplete applications are returned and restart the clock, so preparation quality is critical.
How much does DISP membership cost in Australia?
DISO does not charge a membership fee. However, the cost of achieving compliance includes an IRAP assessment ($15,000–$40,000), Security Plan preparation, physical security infrastructure, and ongoing compliance operations. Total cost for most SMEs achieving Baseline membership ranges from $30,000 to $100,000.
What are the four DISP membership levels in Australia?
DISP has four membership levels: Baseline (access to PROTECTED information), NV1 (access to SECRET information), NV2 (access to TOP SECRET), and PV (access to the most sensitive national security information). Each level has progressively higher requirements for personnel clearances, physical security, and ICT controls.
START YOUR DISP
MEMBERSHIP TODAY.
Book a free DISP Readiness Assessment. We'll identify your gaps, scope the work, and give you a clear path to first-attempt approval.