DISP

Help achieve DISP accreditation by implementing and maintaining the Essential Eight and the Top Four security controls

Looking to achieve DISP accreditation?

Huntsman Security’s Essential 8 solutions support DISP accreditation, as they provide visibility of an organisation’s alignment to the Essential Eight (incorporating the Top 4) security controls, including areas of non-compliance, performance metrics and cyber maturity scores.

[Image: Essential 8 Auditor – Summary Dashboard, showing security control performance metrics and maturity scores]

The Australian Government’s Defence Industry Security Program (DISP) is a risk management and assurance program that enables industry partners to understand and meet their security obligations when engaging in Defence projects and tenders. DISP operates using the Defence Security Principles Framework (DSPF), which aligns with the Commonwealth’s Protective Security Policy Framework (PSPF).  The Top 4 of the ACSC Essential Eight controls are mandated by the PSPF.

The PSPF includes four outcomes:

  • Governance – Each entity manages security risks and supports a positive security culture in an appropriately mature manner ensuring: clear lines of accountability, sound planning, investigation and response, assurance and review processes, and proportionate reporting.
  • Information security – Each entity maintains the confidentiality, integrity and availability of all official information.
  • Personnel security – Each entity ensures its employees and contractors are suitable to access Australian Government resources, and meet an appropriate standard of integrity and honesty.
  • Physical security – Each entity provides a safe and secure physical environment for their people, information and assets.


PSPF core requirements for information security

The PSPF sets out a number of information security requirements. The excerpt below is taken from the Government’s PSPF web page: https://www.protectivesecurity.gov.au/information/Pages/default.aspx


Core requirements for information security


Sensitive and classified information

Each entity must:

  1. identify information holdings
  2. assess the sensitivity and security classification of information holdings
  3. implement operational controls for these information holdings proportional to their value, importance and sensitivity.

Access to information

Each entity must enable appropriate access to official information. This includes:

  1. sharing information within the entity, as well as with other relevant stakeholders
  2. ensuring that those who access sensitive or security classified information have an appropriate security clearance and need to know that information
  3. controlling access (including remote access) to supporting ICT systems, networks, infrastructure and applications.

Safeguarding information from cyber threats

Each entity must mitigate common and emerging cyber threats by:

  1. implementing the following Information Security Manual (ISM) Strategies to Mitigate Cyber Security Incidents:
    1. application whitelisting
    2. patching applications
    3. restricting administrative privileges
    4. patching operating systems
  2. considering which of the remaining Strategies to Mitigate Cyber Security Incidents you need to implement to protect your entity.

Robust ICT systems

Each entity must have in place security measures during all stages of ICT systems development. This includes certifying and accrediting ICT systems in accordance with the Information Security Manual when implemented into the operational environment.


How Huntsman Security solutions can help

Huntsman Security’s Essential 8 reporting and compliance solutions support DISP accreditation. The Essential 8 Auditor and Essential 8 Scorecard systematically collect and analyse events from your infrastructure, systems, services and applications to deliver comprehensive measurement against the ACSC Essential Eight mitigation strategies, including the Top 4: application whitelisting (application control), patching applications, restricting administrative privileges and patching operating systems.


Essential 8 Auditor

The Essential 8 Auditor performs an Essential Eight audit, delivering a point-in-time view of an organisation’s security control effectiveness against the Essential Eight. It is self-installing and can be implemented and operated by IT staff. Results are exportable for sharing with security team colleagues, for inclusion in self-assessments, or for distribution to a wider business audience locally or remotely.

Essential 8 Scorecard

The Essential 8 Scorecard continuously monitors an environment to provide ongoing visibility of Essential Eight security control effectiveness. This enables an organisation to track performance over time and compare it across domains, business units and organisations.


Find out more

To arrange a product demonstration or discuss how you can measure the implementation and maintenance of the Essential Eight security controls in your organisation, contact us today.
