Defence Industry Security Program

The Defence Industry Security Program (DISP) is a whole-of-business security framework covering governance, personnel, physical, and ICT security.

Calexi specialises in the Information & Cyber Security domain of DISP.

We lead ICT uplift activities and coordinate with specialist partners across governance, personnel, and physical security—ensuring a complete and aligned DISP outcome.

Whether you are bidding into Defence, supporting a prime, or already delivering capability, DISP provides assurance that your organisation can operate securely and responsibly.

Learn more about DISP on the official Defence website

Why DISP Matters

DISP is more than a compliance requirement. It is a signal of trust.

Membership demonstrates that your organisation can:

  • Protect Defence information and assets
  • Manage cleared personnel responsibly
  • Operate secure facilities and systems
  • Meet Defence security expectations
  • Participate confidently in Defence supply chains

For many organisations, DISP membership is a prerequisite for contract eligibility or a key differentiator in competitive bids.

Who DISP Applies To

You may need DISP if your organisation:

  • Works directly with Defence
  • Supports a Defence prime contractor
  • Handles Defence information or assets
  • Requires security cleared personnel
  • Provides ICT or engineering services into Defence environments

Even where not mandatory, DISP demonstrates maturity and strengthens your credibility with Defence customers.

The Four DISP Security Domains

Defence assesses organisations across four core security areas:

Security Governance

Policies, leadership oversight, and risk management.

Personnel Security

Clearances, insider threat awareness, and personnel management.

Physical Security

Facilities, access controls, and asset protection.

Information and Cyber Security

Secure ICT environments aligned to Defence expectations.

Essential Eight is the foundation of DISP ICT compliance

If Essential Eight Maturity Level 2 is not achieved and sustained, organisations will not meet Defence expectations regardless of progress in other domains.

Calexi focuses on delivering this outcome. For most organisations, achieving DISP comes down to one critical requirement:

Implementing and sustaining Essential Eight Maturity Level 2. This forms the baseline of the Information & Cyber Security domain.

Calexi supports this through:

How Calexi supports DISP ICT uplift

We take a phased, evidence-first approach, aligned to ISM, PSPF, and Defence expectations rather than generic best practice.

1. Baseline
Establish controls using existing tools and configurations

2. Uplift to ML2
Close gaps and implement required controls aligned to ISM

3. Evidence & validation
Generate and validate audit-ready evidence

4. Sustainment
Maintain compliance and continuously validate controls

Most organisations reach DISP ICT readiness in approximately 4 months (typical range 3–6 months). Timelines vary based on current maturity, number of users, and existing tooling.

When Should You Start Preparing?

Ideally before you need it. An uplift can take several months depending on maturity, particularly where ICT or governance improvements are required.

Starting early reduces risk and prevents delays in contract opportunities.

Funding your DISP uplift

DISP uplift activities can be expensive but may be eligible for government funding.

Calexi supports:

We assist with:

  • Scoping projects to meet funding criteria
  • Supporting grant applications
  • Aligning delivery to approved funding outcomes

Frequently Asked Questions

DISP is a Defence program that ensures organisations working with Defence meet appropriate security standards across governance, personnel, physical security, and cyber security.

DISP is mandatory where contract requirements specify it or where organisations need to access certain Defence information or facilities. Many organisations pursue membership to improve competitiveness and demonstrate security maturity.

Most SMEs require Entry Level or Level 1 depending on whether they handle PROTECTED information or require cleared personnel.

Timelines vary depending on organisational maturity but typically range from a few months to longer where significant uplift is required.

Most organisations achieve Essential Eight readiness in 3–6 months, with 4 months being typical. Timelines vary based on current maturity, number of users, and existing tooling.

ICT environments supporting DISP must demonstrate appropriate cyber security controls. Essential Eight Maturity Level 2 is mandatory for companies seeking DISP membership.

Often yes. Many primes require their suppliers to hold DISP membership depending on the nature of work and information access.

Organisations must maintain compliance, manage changes, and demonstrate ongoing security maturity. Renewal and assurance activities are part of maintaining membership.

Maintaining compliance with Essential Eight Maturity Level 2 can be complex and resource-intensive, often requiring specialist expertise. That’s why Calexi offers a dedicated Essential Eight managed service, helping organisations achieve and sustain compliance with confidence.

Yes. We support fixed scope, phased delivery, and managed service models depending on client needs.

Yes. We support Defence Industry Development Grant (DIDG) – Security Stream and other relevant programs.

Costs vary depending on starting maturity, size, and existing tooling.

As a guide:

  • Small organisations (5–20 users): typically $30K–$70K for ML2 uplift
  • Medium organisations (20–50 users): typically $60K–$120K+

Additional costs may include:

  • Licensing (e.g. Microsoft Defender upgrades)
  • Vulnerability scanning tools
  • Backup or logging enhancements

Where eligible, grants such as the Defence Industry Development Grant (DIDG) – Security Stream can significantly reduce out-of-pocket costs.

We prioritise using existing tools first to minimise spend.

The main cost drivers are:

  • Current maturity (ML0 vs ML1+)
  • Number of users and devices
  • Existing licensing and tooling
  • Evidence gaps

Most organisations fall within a mid-five to low-six figure range for full ML2 uplift, depending on these factors.

We structure delivery in phases to control cost and align with funding opportunities.

Proven Capability in the Field

We’ve helped multiple Defence SMEs achieve Membership and Essential Eight cyber security maturity uplift within tight budgets and timeframes. Our work has improved client security postures, reduced overlapping technologies, and established sustainable, evidence-based compliance processes.

  • SME Essential Eight Compliance

    A Defence industry SME required Essential Eight compliance to execute a Defence contract. Calexi delivered a full uplift in just four weeks, achieving ML1 across all areas, ML3 in key controls, and DISP membership within 3 months — reducing risk from very high to low/medium.

  • DISP – Defence Industry Security Program Uplift

    A Defence SME needed DISP compliance but faced limited resources and low security maturity. Calexi delivered a full uplift within 6 months, achieving Maturity Level 2, Defence approval, and cost savings, all while improving security culture and posture.

  • ASX Hybrid Cloud

    An ASX-listed critical infrastructure company faced major risks from an aging, non-compliant ICT environment. Calexi staff delivered a hybrid cloud transformation during COVID-19, enabling 100% remote work, achieving E8 compliance in under a month, and ensuring no staff layoffs while strengthening security and scalability.

If you’re pursuing DISP, start with the ICT domain.

If that’s wrong, everything else becomes harder, slower, and more expensive.

Book a short call and we’ll tell you:

  • Where you actually stand
  • What it will take to reach ML2
  • Whether you’re ready for DISP

No sales pitch, just a clear answer.