What is DISP
Membership?
The Defence Industry Security Program (DISP) is the Australian Government's framework for assessing whether non-government organisations can be trusted to work with Defence information, people, and assets. This guide explains everything you need to know — sourced directly from Defence.gov.au.
The Australian Government's Defence Supply Chain Security Framework
The Defence Industry Security Program (DISP) supports Australian entities to understand and meet their security obligations when engaging in Defence tenders, contracts, and projects. It is a multi-level, membership-based program underpinned by the Defence Security Principles Framework (DSPF), specifically Principle 16, Control 16.1.
DISP is not a single checklist. It is an ongoing security relationship between your organisation and Defence. The program assesses your security posture across four interconnected domains — Governance, Personnel, Physical, and Information & Cyber Security — and assigns a membership level aligned to the classification of information you are accredited to handle.
Membership is open to any Australian entity looking to become part of the Defence supply chain. While not mandated in every circumstance, it is highly recommended for any entity currently working on Defence projects or seeking to partner with Defence.
The Four DISP Security Domains
DISP assesses your organisation across four interconnected domains. A weakness in one area often exposes risk in another. Your membership level within each domain is determined by the classification of data you handle.
Security Governance
Leadership accountability, documented security policies, risk-based decision-making, and evidence that security is actively managed at the executive level. The Governance domain must always equal the highest level held across all other domains.
- Security Management Plan (SMP)
- Facility Security Officer (FSO) appointed
- Annual Security Report (ASR) submitted
- Security risk register maintained
Personnel Security
Identifying key, relevant, and ancillary personnel; obtaining appropriate security clearances; and maintaining processes for onboarding, offboarding, and role changes. Personnel security is about trust and control, not just clearance levels.
- Security clearances obtained where required
- Personnel security obligations communicated
- Insider threat awareness program
- Clearance sponsorship processes documented
Physical Security
Protecting facilities, assets, and environments that handle Defence information. Controls must match the actual risk profile of your operations — not generic assumptions. Higher membership levels require certified secure areas.
- Access control to sensitive areas
- Visitor management procedures
- Physical security risk assessment
- Certified secure storage where required
Information & Cyber Security
How information is created, stored, accessed, transmitted, and protected. From Entry Level onwards, DISP requires alignment with the Australian Government Information Security Manual (ISM). From Level 1, Essential Eight Maturity Level 2 is mandatory.
- Information classification and handling
- Essential Eight ML2 (Level 1+)
- Cyber Security Questionnaire (CSQ) completed
- Incident response plan documented
Note: The Security Governance domain must always equal the highest level held across all other domains. Source: Defence.gov.au
Four DISP Membership Levels
DISP membership levels align with Australian Government security classifications. The higher the level, the more rigorous the assessment — and the greater the access to classified contracts and clearance sponsorship.
Entry Level
Suitable for entities handling unclassified or sensitive-but-unclassified Defence information. Cannot sponsor security clearances.
Level 1
The most common membership level for SMEs entering the Defence supply chain. Enables clearance sponsorship and access to PROTECTED-level contracts.
Level 2
Required for entities handling SECRET-level information. Significant uplift in physical security and ICT requirements.
Level 3
The highest tier, reserved for entities with access to TOP SECRET information. Requires the most rigorous security posture across all four domains.
Benefits of DISP Membership
As stated by the Department of Defence, DISP membership provides entities with the following benefits.
Sponsor Security Clearances
DISP members at Level 1 and above can sponsor their own employees for Australian Government security clearances — removing a major barrier to winning classified contracts.
Access International Contracts
DISP membership opens doors to international defence contracts and enables security clearance recognition by international partners under arrangements such as AUKUS.
Security Training & Materials
Members receive access to Defence security training, cyber security guidance, and current security information to assist in security planning and staff awareness.
Improved Security Posture
The DISP assessment process itself strengthens your security operating environment — giving you a structured framework to identify and close gaps before they become incidents.
Assurance for Defence Partners
DISP membership signals to Defence primes, subcontractors, and government entities that your organisation meets a verified security standard — a competitive differentiator in procurement.
Access to Security Advice
DISP members can access Defence security services and expert advice to help navigate complex security obligations across the supply chain.
Note: DISP membership does not guarantee Defence contracts. Contracts remain subject to standard procurement processes. Source: Defence.gov.au
How to Apply for DISP Membership
DISP applications are submitted through the Defence Supplier Portal (DSP) and assessed by the Defence Industry Security Office (DISO). The process involves demonstrating your security posture across all four domains before an application is lodged.
Timelines vary significantly based on your current security maturity and the membership level sought. Entry Level applications can be processed in as little as 3 months; Level 2 and 3 applications typically take 12–18 months or longer.
Determine Your Required Level
Review the classification of information you will handle and any contractual requirements. This determines which DISP membership level you need to apply for.
Meet Eligibility & Suitability Criteria
Demonstrate your organisation is financially sustainable, can deliver on-time, and has the governance structures to protect Defence information. An ABN is required.
Implement Security Controls
Build the required security posture across all four domains. For Level 1+, this includes achieving Essential Eight Maturity Level 2 and completing the Cyber Security Questionnaire (CSQ).
Apply via the Defence Supplier Portal
Submit your DISP application through the Defence Supplier Portal (DSP). Your application is assessed by the Defence Industry Security Office (DISO).
Assessment & Approval
DISO reviews your application, may conduct site visits or interviews, and issues your DISP membership certificate. Timelines vary from 3 to 18 months depending on level and readiness.
Ongoing Compliance
DISP is not a one-time certification. Members must submit an Annual Security Report (ASR), maintain their security posture, and notify DISO of significant changes.
"DISP is not about perfection. It's about a demonstrated, credible security maturity."
— GRC4, DISP Explained, December 2025
DISP Membership FAQ
Q.What is DISP membership?
The Defence Industry Security Program (DISP) is a multi-level, membership-based program administered by the Australian Department of Defence. It supports Australian entities to understand and meet their security obligations when engaging in Defence tenders, contracts and projects. DISP is underpinned by the Defence Security Principles Framework (DSPF), Principle 16, Control 16.1.
Q.Is DISP membership mandatory?
DISP membership is not mandated in all circumstances. However, depending on the type of work an entity undertakes with Defence, or any contractual requirements, DISP membership may be mandated. It is highly recommended for any entity currently working on Defence projects or seeking to partner with Defence.
Q.How much does DISP membership cost?
There is no direct membership fee for DISP. However, there are costs associated with implementing and maintaining the required security measures, which may include facility certification and accreditation, personnel security clearances, and physical security upgrades.
Q.What are the four DISP membership levels?
DISP has four membership levels aligned to Australian Government security classifications: Entry Level (OFFICIAL / OFFICIAL: Sensitive), Level 1 (PROTECTED), Level 2 (SECRET), and Level 3 (TOP SECRET). The higher the level, the more rigorous the assessment.
Q.What are the four DISP security domains?
DISP assesses organisations across four security domains: (1) Security Governance — leadership accountability, policies, and risk management; (2) Personnel Security — clearances, vetting, and access control; (3) Physical Security — facility protection and access management; (4) Information and Cyber Security — ICT controls, data handling, and cyber resilience.
Q.Can DISP members sponsor security clearances?
Yes. DISP membership gives entities the ability to sponsor their own employees for Australian Government security clearances. This benefit is not available for Entry Level membership — it requires Level 1 or above.
Related DISP Guides
How to Apply for DISP Membership
Step-by-step guide to the DISP application process, eligibility criteria, and the Defence Supplier Portal.
DISP Essential Eight ML2 Requirements
What Essential Eight Maturity Level 2 means for DISP members and how to achieve it.
DISP Annual Security Report (ASR)
What the ASR is, what it covers, and how to prepare a compliant submission.