Cyber Security Readiness Portal
Essential 8 maturity + DISP certification preparation
What this portal does
This is your preparation workspace for two connected goals: assessing your organisation's cyber maturity against the ACSC Essential 8 framework, and preparing your Defence Industry Security Program (DISP) certification application.
Essential 8
Work through 8 controls, upload evidence, run AI audits, and track your maturity level (ML0–ML3).
DISP Certification
Complete your CSQ, build an action plan, register clearances, and prep for security interviews.
E8 is a prerequisite for DISP, not a separate track. DISP membership at Baseline and above requires your organisation to demonstrate ASD Essential 8 compliance at Maturity Level 2. Completing your E8 assessment here directly feeds your DISP application — you're not doing two things, you're doing one thing in the right order.
What you'll need
- Company registration details (ABN, ASIC extract)
- Ownership and FOCI disclosure information
- Names and citizenship status of your CSO/SO nominees
- Evidence of existing security controls (policy documents, screenshots, config exports, audit reports)
- Basic IT environment details (OS patching cadence, MFA deployment, backup regime)
What you'll get
- Essential 8 maturity score (ML0–ML3) across all 8 controls with gap analysis
- AI-evaluated evidence audit with strengths, gaps, and recommendations
- DISP CSQ mapping aligned to your E8 posture
- Action plan for remediation before submission
- Interview preparation pack for DISP security conversations
- Assessment Summary Report (ASR) — ready to carry into your DISP Member Portal application
Nothing submitted here goes to Defence directly. This is your preparation workspace. The official DISP application is lodged through the Defence Member Portal.
Pre-Assessment Questionnaire
Answer these questions to get an initial assessment of your E8 and DISP readiness. Takes about 3 minutes.
Your Pre-Assessment Results
Based on your answers. Review and use to guide your next steps.
Key findings
Essential 8 Controls
Initial posture based on your answers — click to jump to that control in the checklist
DISP Eligibility
Key requirements for DISP application — click to explore
DISP Security Domains
Posture across the four assessment areas — click to explore
question(s) skipped — these are marked as "Needs review" in your results.
Next steps
Dashboard
Organisation-wide Essential 8 maturity posture at a glance
Two pathways, one goal
E8 + DISPE8 is a prerequisite for DISP, not a separate track. DISP membership at Baseline and above requires ASD Essential 8 compliance at Maturity Level 2. Completing your E8 assessment here directly feeds your DISP application.
What you'll need
- Company registration details (ABN, ASIC extract)
- Ownership and FOCI disclosure information
- Names and citizenship status of your CSO/SO nominees
- Evidence of existing security controls (policy documents, screenshots, config exports, audit reports)
- Basic IT environment details (OS patching cadence, MFA deployment, backup regime)
What you'll get
- Essential 8 maturity score (ML0–ML3) across all 8 controls with gap analysis
- AI-evaluated evidence audit with strengths, gaps, and recommendations
- DISP CSQ mapping aligned to your E8 posture
- Action plan for remediation before submission
- Interview preparation pack for DISP security conversations
- Assessment Summary Report (ASR) — ready to carry into your DISP Member Portal application
Your progress is saved in this browser. If multiple people in your organisation need to contribute (e.g. IT lead for E8, Security Officer for DISP), each person should use their own browser or device.
Last: No audits yet
Control Maturity Snapshot
★ Uniform maturity = lowest ML across all controls (PSPF minimum: ML2)
Recent Audit Activity
No audit history yet. Run an audit from the Audit Results view.
What is DISP?
The Defence Industry Security Program (DISP) is how the Australian Government checks that businesses working with Defence can be trusted with sensitive information, systems, and assets. If your organisation is pursuing a Defence contract, responding to a tender, or working as a subcontractor to a Defence prime — DISP membership is a requirement, not an option.
What's involved?
DISP assesses your organisation across four areas: security governance, personnel security, physical security, and ICT and cyber security. You'll need documented policies, nominated security personnel, appropriate physical controls, and cybersecurity measures aligned with the ASD Essential Eight at Maturity Level 2.
Membership is ongoing — annual reporting, incident notification, and periodic reviews are all part of the commitment once you're in.
How long does it take?
Once your application is submitted, Defence typically takes around 90 days to assess it. The real variable is preparation.
Applications that arrive incomplete face delays and revision requests — and draft applications left inactive for 60 business days are automatically removed from the Defence portal. The work happens before you submit.
How this portal helps
This is your preparation workspace. The official DISP application is lodged through the Defence Member Portal — this tool gets you ready for that step.
Here, you'll work through each requirement at your own pace, upload your supporting documents, and identify any gaps before they become a problem. When you're done, you'll have everything consolidated and ready to carry into your formal application.
Nothing submitted here goes to Defence directly. This is your preparation space.
Key milestones
Your path from eligibility to membership
Loading schema...
No controls loaded. Schema may be unavailable.
Provider Directory
Australian cybersecurity service providers for Essential 8 implementation support.
No providers match your search
Try adjusting your search query or clearing the category filter.
Upload Evidence
Select a file to upload for LLM analysis. Files are uploaded directly to Cloudflare R2 via a presigned URL.
Drop a file here or click to browse
PDF, PNG, JPG, DOCX, CSV, TXT — up to 50 MB
Upload complete!
Upload failed
Upload History
| File | Date | Status |
|---|---|---|
No uploads yet. Drop a file above to get started.
Audit Results
Or select a previously uploaded document:
Evaluating control evidence…
Analysing against Essential 8 maturity model
Target:
Confidence Score
Findings
Recommendations
Identified Gaps
Audit History
No audit history yet. Run an audit above to get started.
CSQ Assessment
Defence Industry Security Program — Cyber Security Questionnaire. Answer all 107 questions across 4 domains.
Loading CSQ questionnaire...
Start a New Assessment
Existing Sessions
No sessions found. Start a new one above.
Describe or reference the document providing evidence for this question.
No questions match the current filter.
Assessment Submitted
Your CSQ responses have been submitted successfully for entity .
Annual Security Report
DISP annual self-attestation workflow. Manage roles, complete domain attestations, and submit for CSO review.
Loading...
ASR Sessions
No ASR sessions yet. Create a new Annual Security Report to get started.
Create New ASR
Status: · Created:
Domain Attestations
Workflow Actions
✓ ASR submitted on
ASR Summary
Action Log
No actions recorded yet.
Interview & Evidence Packs
Create and manage structured interview packs, evidence collections, assessments, and audit packs for Gap 8 preparation.
Loading...
Total
Draft
Finalised
Archived
Types
All Packs
No packs yet. Create a new interview or evidence pack to get started.
·
Step 1: Title & Type
Step 2: Include Evidence
Optional. Enter evidence file keys or reference IDs to associate with this pack.
Step 3: Notes & Review
Summary
Title:
Type:
Evidence refs:
Notes:
· Created: · Updated:
Are you sure you want to delete this pack? This action cannot be undone.
Details
Export Output
Policy & Documentation Repository
Manage policies, procedures, and documentation artefacts. Track review dates and map controls.
Loading policies...
Total
Draft
Reviewed
Approved
Current
Superseded
Some policies have past-due review dates. Please review and update them.
JSON array or comma-separated
Delete Policy?
This action cannot be undone. The policy will be permanently removed.
Maturity Action Plan
Plan and track actions to address maturity gaps
| Control | Action Description | Priority | Status | Target Date | Assigned To | Actions |
|---|---|---|---|---|---|---|
|
|
||||||
| No action plans found. Click "Create Plan" to add one. | ||||||
Clearance Register
Manage personnel security clearances and FOCI assessments
| Name | Role | Clearance Level | Clearance # | Expiry | FOCI Status | Actions |
|---|---|---|---|---|---|---|
| No personnel found. Click "Add Person" to register a new entry. | ||||||
Delete Person?
This action cannot be undone. will be permanently removed.