Elevate DISP Compliance to Business Advantage
The Defence Industry Security Program (DISP), Australia's framework governing security for entities in the defence supply chain, has just passed a critical enforcement milestone. In September 2024, the Department of Defence significantly raised the bar on cyber requirements, mandating full compliance with the Essential Eight mitigation strategies at Maturity Level 2 (a benchmark for defending against targeted and advanced attacks). Until late 2024, many DISP participants could maintain membership with only the 'Top 4' controls in place.
A transitional phase allowed assessments against the partial standard, but that window closed definitively on 15 November 2025. As of that date, all DISP members—existing and new—must achieve and maintain full Essential Eight Maturity Level 2 across their IT environments, with no exceptions.
The timing is acute: the rule change forces immediate action. Organisations not yet at this level risk losing DISP membership, which is frequently a prerequisite for bidding on Defence tenders, securing contracts, or participating as subcontractors. Non-compliance effectively bars access to defence work involving sensitive or classified material, at a moment when Australia's defence budget and focus on sovereign capability sustain high demand for local suppliers.
The escalation reflects broader realities. Cyber threats to critical infrastructure and supply chains have intensified, with state actors and criminals exploiting weaknesses. The reforms align DISP more closely with Australian Signals Directorate guidance and national security priorities, ensuring the defence industrial base can withstand sophisticated attacks. For businesses, the shift transforms compliance from a regulatory checkbox into a strategic necessity—and potentially a differentiator. Those who exceed the baseline can demonstrate superior resilience, win greater trust from Defence and primes, and strengthen their position in a competitive market.
The impact falls hardest on small-to-medium enterprises in the supply chain, many of which are scrambling to implement and evidence the required controls. Larger players may leverage existing systems, but everyone faces heightened scrutiny through annual reporting and assurance processes. In practical terms, falling short means lost opportunities in one of Australia's most secure and lucrative government contracting domains.