DSPF

Defence Security Principles Framework compliance

Practical guidance for meeting DSPF requirements across personnel, physical, cyber, and governance security domains — for organisations in the Australian defence supply chain.

AGSVA Cleared Team · Canberra-Based · Defence-Experienced

DSPF Domains: Compliance Status

Personnel Security: COMPLETE
Physical Security: COMPLETE
Cyber Security: IN PROGRESS
Governance: IN PROGRESS

Domains: 4 Assessed

DISP: Aligned

Why organisations need DSPF compliance support

Multiple security domains

The DSPF spans personnel, physical, cyber, and governance security. Understanding what's required across all four domains — and how they interact — is a significant undertaking.

Unclear requirements

DSPF requirements can be difficult to interpret, especially for organisations encountering defence security frameworks for the first time.

DSPF underpins DISP

Meeting DSPF requirements is fundamental to DISP membership. Gaps in any domain can delay or derail your DISP application.

What's included in our DSPF support

DSPF gap assessment

Assessment of your current posture against DSPF requirements across all applicable security domains.

Domain-specific remediation plans

Targeted action plans for personnel, physical, cyber, and governance security gaps.

Policy and procedure development

Security policies and procedures aligned to DSPF requirements and your operational context.

DISP alignment mapping

Clear mapping of your DSPF compliance to DISP membership requirements.

Implementation support

Hands-on guidance to implement DSPF controls and build the documentation Defence expects.

Who this service is for

Pre-DISP organisations

Early Stage

You're preparing for DISP membership and need to understand and meet DSPF requirements as the foundation for your application.

Existing DISP members

Ongoing

You need to maintain compliance with evolving DSPF requirements and ensure your security posture stays current.

Defence subcontractors

Urgent

Your prime contractor or Defence engagement requires demonstrated DSPF alignment across your security domains.

Proof

Real engagements, real outcomes

Anonymised

Federal department

ML2 across a complex, multi-system estate.

Led the department's Essential Eight maturity review using ACSC verification methodology, then ran continuous-assurance activities through annual PSPF reporting and ASD cyber survey submissions — keeping E8 posture live between formal reviews.

Anonymised

Federal agency

3 Security Risk Assessments cleared in one review window.

Scoped, assessed, and reported on three high-priority SRAs in a single calendar year — an enterprise integration platform, a supplier-security uplift, and a public-facing online services portal with paired penetration testing — all delivered inside the agency's assessment window.

Anonymised

Federal agency

Board-ready cyber governance, stood up from scratch.

Delivered executive and board-ready cyber governance papers, stood up a Foreign Ownership Control and Influence process, and supported system accreditation activities across a shared-services environment — so the agency walked into its next review with defensible answers.

Frequently asked questions about DSPF compliance

What's the difference between DSPF and DISP?

The DSPF is the framework that defines the security principles and requirements. DISP is the program that assesses organisations against those requirements for membership. Think of DSPF as the rules, and DISP as the registration process.

Do we need to comply with all DSPF domains?

It depends on your DISP membership level and the nature of your defence work. We help you determine which domains and requirements apply to your specific situation.

How does DSPF relate to ISM and PSPF?

The DSPF draws on elements from both the ISM (for cyber security) and PSPF (for protective security). We help you understand how these frameworks interact and where your existing compliance efforts already cover DSPF requirements.

How long does DSPF alignment take?

For a pre-DISP SME, DSPF mapping and evidence prep typically runs 4-8 weeks. For existing DISP members, it's integrated into ongoing member obligations, so you're not pulling extra effort each review cycle.

How do we budget for DSPF work?

DSPF work is scoped alongside your broader DISP or Essential Eight program. Pricing is provided per engagement after an initial scoping call.

How is this different from generic cyber advisory?

DSPF is defence-specific and the evidence standards are exacting. We've mapped DSPF requirements against ISM and E8 for federal agencies — not a generic framework translated at arm's length.

Need help navigating the DSPF?

Talk to our team about your defence security requirements.

Canberra-based · AGSVA cleared · Defence-experienced