What is DISP?

The Australian Government’s Defence Industry Security Program (DISP) is a risk management and assurance program that enables industry partners to understand and meet their security obligations when engaging in Defence projects and tenders.

Defence Security Principles Framework

DISP operates using the Defence Security Principles Framework (DSPF), which aligns with the Commonwealth’s Protective Security Policy Framework (PSPF). The ACSC Essential Eight controls are mandated by the PSPF.

The PSPF includes four outcomes:

  • Governance – Each entity manages security risks and supports a positive security culture in an appropriately mature manner ensuring clear lines of accountability, sound planning, investigation and response, assurance and review processes, and proportionate reporting.
  • Information security – Each entity maintains the confidentiality, integrity and availability of all official information.
  • Personnel security – Each entity ensures its employees and contractors are suitable to access Australian Government resources and meet an appropriate standard of integrity and honesty.
  • Physical security – Each entity provides a safe and secure physical environment for their people, information and assets.

PSPF core requirements for information security

The PSPF has a number of information security requirements. The table below is an excerpt from the Government’s PSPF web page: https://www.protectivesecurity.gov.au/policies/information-security

Core requirements for information security

Sensitive and classified information 

Each entity must:

  1. identify information holdings
  2. assess the sensitivity and security classification of information holdings
  3. implement operational controls for these information holdings proportional to their value, importance and sensitivity.

Access to information

Each entity must enable appropriate access to official information. This includes:

  1. sharing information within the entity, as well as with other relevant stakeholders
  2. ensuring that those who access sensitive or security classified information have an appropriate security clearance and need to know that information
  3. controlling access (including remote access) to supporting ICT systems, networks, infrastructure and applications.

Safeguarding data from cyber threats

Each entity must mitigate common cyber threats by:

  1. implementing the following mitigation strategies from the Strategies to Mitigate Cyber Security Incidents:
    1. application control
    2. patch applications
    3. configure Microsoft Office macro settings
    4. user application hardening
    5. restrict administrative privileges
    6. patch operating systems
    7. multi-factor authentication
    8. regular backups
  2. considering which of the remaining mitigating strategies from the Strategies to Mitigate Cyber Security Incidents need to be implemented to achieve an acceptable level of residual risk for their entity.

Robust ICT systems
Each entity must ensure the secure operation of their ICT systems to safeguard information and the continuous delivery of government business by applying the Australian Government Information Security Manual’s cyber security principles during all stages of the lifecycle of each system.

How Huntsman Security solutions can help you get DISP accreditation?

Huntsman Security’s Essential Eight reporting and compliance solutions support DISP accreditation. The Essential 8 Auditor and Essential 8 Scorecard systematically collect and analyse events from your infrastructure, systems, services and applications to deliver comprehensive measurement against the ACSC Essential Eight mitigation strategies.

Essential 8 Auditor

The Essential 8 Auditor provides on-demand cyber vulnerability and maturity assessment. The product delivers a point-in-time view of an organisation’s security control effectiveness against the Essential Eight. It is self-install and can be implemented and operated by IT staff. Results are exportable for sharing with security team colleagues, for inclusion in self-assessments or for distribution to a wider business audience locally or remotely.

a short video overview of the automated security audit tool, the Essential 8 Auditor

Watch the short video overview now

Essential 8 Scorecard

The Essential 8 Scorecard continuously monitors an environment to provide ongoing visibility of Essential Eight security control effectiveness. This enables an organisation to track performance and compare performance across domains, business units and organisations.

Visite the Essential 8 Scorecard Product Page

Find out more

To arrange a product demonstration or discuss how you can measure the implementation and maintenance of the Essential Eight security controls in your organisation, contact us today.

SIGN UP TO RECEIVE CYBER SECURITY INSIGHTS

Read by directors, executives, and security professionals globally, operating in the most complex of security environments.