Our role
Our team belongs to the Defence Industry Security Office (DISO), and our primary role is to provide Cyber Security Assessments (CSA) to program applicants.
In addition to providing assessments, we provide uplift support which seeks to improve the cyber security hygiene of program applicants who are identified as having shortfalls in their cyber security.
Our assessments are based on self-attestation: an applicant completes a Cyber Security Questionnaire, which we then assess.
The purpose of our assessments
The purpose of our assessment is to ensure that all program applicants have an acceptable level of cyber security hygiene and to provide recommendations where shortfalls are identified.
The scope of our assessments
The scope of our assessment is subject to the Defence Security Policy Framework (DSPF), more specifically, DSPF 16.1 – Defence Industry Security Program.
DSPF 16.1 defines our assessment scope as “systems and services used to correspond with Defence”.
The DISO Cyber team provides Entry Level assessments only. We do not assess for Level 1 or above, as these levels require accreditation and certification of an applicant’s ICT systems.
At Entry Level, we assess systems that may receive Defence information up to OFFICIAL: Sensitive.
Our responsibilities within the program include:
– Conducting case-by-case assessments
– Ensuring assessments meet a set standard across the team
– Gathering necessary information to make an informed assessment
– Ensuring due diligence is conducted before making assessments