Cybersecurity for Australian defence contractors
DISP, Essential Eight, and supply chain security for organisations supplying to Defence and the Commonwealth. Navigate compliance complexity with confidence.
The realities of defence contractor compliance
Every Australian defence contractor faces a similar set of challenges. Strategic Cyber is designed to solve them.
DISP complexity is evolving
Requirements span personnel security, physical security, cyber security, and governance. New guidance arrives regularly and you need to stay compliant without constant re-work.
Prime contract flow-down obligations
Your prime contractor's security requirements flow down to your organisation. You need to demonstrate maturity to win and renew contracts — and losing even one is costly.
Essential Eight ML2 is harder than expected
You know you need to achieve Maturity Level 2, but your current posture has gaps. Implementation takes time and expertise you may not have internally.
Reporting doesn't match reality
Your MSP or IT provider's reports don't map to Essential Eight or DISP requirements. You can't translate their findings into compliance evidence, leaving you exposed at audit.
How we help defence contractors
We combine deep DISP knowledge with practical implementation expertise to get you compliant and audit-ready.
Essential Eight Assessment & Uplift
Full ML2 gap assessment with roadmap and remediation support.
DISP Application Support
End-to-end DISP readiness assessment and application preparation.
CSQ Completion Assistance
Accurate, evidence-based Commonwealth Security Questionnaire preparation.
Defence Supply Chain Security
Supply chain posture assessment and risk management for primes and subcontractors.
IRAP Assessment
ASD-aligned assurance for systems handling classified defence data.
Penetration Testing
Independent network and application security testing.
You need expertise you can trust
Defence contractors need a partner who understands DISP inside and out — and has the credentials to back it up.
Canberra-based, local presence
We're in the heart of Australia's defence sector. Our Braddon office puts us within reach of Defence establishments, Commonwealth agencies, and defence contractors that shape Australia's security landscape.
Defence-cleared consultants
All team members hold current AGSVA security clearances. We understand the federal government operating context because we've worked within it, with it, and for it for years.
Deep DISP expertise
We live DISP compliance. From understanding the latest DSG guidance to navigating CSQ complexities, we know the program inside out — so you don't have to learn it alone.
In-house IRAP assessor
Nick Kelly is an ASD-accredited IRAP assessor. If your defence supply chain work includes classified systems, you have the assurance capability you need without hunting for external resources.
The numbers that matter
Defence contractors ask us these
What is DISP and do we need it?
The Defence Industry Security Program (DISP) is managed by Defence Industry Security and Governance (DISG) and sets security requirements for organisations supplying defence capabilities. If you currently supply, or want to supply, defence equipment or services to the Australian Defence Force or Commonwealth, DISP membership is typically a prerequisite. Even if you don't supply Defence directly, meeting DISP-equivalent requirements helps you meet prime contractor obligations and positions you for growth.
Is Essential Eight ML2 a DISP requirement?
Essential Eight Maturity Level 2 is a core component of DISP cyber requirements. It's not the only requirement, but it's foundational. Your organisation must demonstrate E8 ML2 compliance across all 8 mitigation strategies as part of your DISP application and ongoing membership.
How long does DISP preparation take?
Preparation typically takes 3 to 6 months depending on your current maturity. This includes gap assessment, remediation, documentation, and CSQ completion. The Defence assessment phase (after application submission) adds additional months. We work with you on a realistic timeline based on your starting point and available resources.
What happens if we're not ready for DISP yet?
That's exactly what our free health check is for. We give you an indicative view of your readiness, a realistic timeline, and a prioritised roadmap to get there. Many organisations start with Essential Eight assessment and uplift, then move into DISP preparation once they've achieved ML2. There's no judgment — only a practical pathway forward.
Can you help us prepare for IRAP assessment?
Yes. If your defence supply chain work involves classified information or cloud systems for government, IRAP assessment may be required. We have an ASD-accredited IRAP assessor (Nick Kelly) on the team and provide readiness assessment to prepare you. If formal IRAP assessment is needed, we coordinate with the assessor and support throughout.