DISP Compliance and the Defence Industry Supply Chain
Any organisation that is already part of the Australian Department of Defence supply chain, or wants to be, needs to be a member of the Defence Industry Security Program (DISP).
What is DISP?
The DISP is essentially a security vetting for Australian businesses. It is managed by the Defence Industry Security Office (DISO), which supports Australian businesses to understand and meet their security obligations when engaging in Defence projects, contracts and tenders.
“Whether you are an Australian business currently working with Defence or seeking to partner with us, we all have an obligation to contribute to the security of our people, information and assets.
There are many things Australian businesses can do to minimise security risks and raise their levels of security protection across the security categories of governance, personnel security, physical security, information and cyber security.
Instrumental to this is membership of the Defence Industry Security Program (DISP).”
Defence Industry Security Office
DISP membership is extremely important to many different business sectors, whether higher education, manufacturing, transport, consulting, managed services or construction. If you’re looking to work in the Australian Department of Defence supply chain, or already are, then membership of the DISP is essential to ensure the protection of Defence and its assets.
The important bit: failure to gain membership will preclude organisations from lucrative federal contracts and have a financial impact on them.
The Australian Signals Directorate Top 4
In recent years, most of the discussion within the cyber security sector in Australia has revolved around the Australian Cyber Security Centre (ACSC) Essential 8. Now, however, a lot of the industry focus has shifted back to what the Essential 8 replaced, the Australian Signals Directorate (ASD) Top 4. Some new changes have been put in place for the DISP membership requirements, and one of those requirements mandates the enforcement of the original ASD Top 4.
The ASD Top 4 includes:
- Application Whitelisting (Now referred to as Application Control)
- Patching applications
- Patching operating systems
- Restricting administrative privileges
ACSC data shows organisations can prevent up to 85% of Windows intrusion threats by implementing the ASD Top 4, so whether you’re looking at DISP membership or not, it’s a worthwhile and important undertaking for an organisation.
Help with implementing the Top 4 controls
At Ivanti we’ve always focused on the Top 4 controls; our security products are used by organisations of all sizes across multiple business sectors in Australia.
While most organisations will already have an operating system patching process in place, the remaining three controls are all seen as rather difficult, manual and time-consuming to implement. It doesn’t have to be that way!
Ivanti Application Control can make whitelisting and restricting admin privileges very simple and quick, allowing you to go from auditing to enforcement with a very fast return on investment and minimal administration overheads.
Ivanti has the largest catalogue of patch content for third-party apps and our patching products are securing over 180 million endpoints globally.
If an organisation is already using Microsoft Endpoint Manager to manage and patch their endpoints, Ivanti can plug right into it with Ivanti Patch for MEM, adding support for our third-party patching catalogue.
If a mechanism for operating system patching isn’t in place, then Ivanti Security Controls can be used to cover both the applications and operating systems.
For more information on how Ivanti can help you with the Top 4 and Essential 8, you can view a video of our Essential 8 approach here: Ivanti ACSC Essential 8, or gain an overview on how to comply with the ACSC Essential 8 here.
Need DISP Compliance ASAP?
If you need to become compliant with the DISP and need to get those ASD Top 4 security controls in place quickly, let us know. We have helped a number of organisations in the last 6 months who have needed quick compliance for a project or tender, and we have been able to support them in implementing the controls efficiently, effectively and without user disruption.
Some handy references: