RED PIRANHA  ·  SOVEREIGN AUSTRALIAN DISP PROVIDER  ·  DISP-CERTIFIED MEMBER

Defence Industry Security Program

DISP  End-to-end DISP enablement, delivered by an Australian DISP member.

DISP MEMBER: All four outcome areas
ECISO™: Electronic CISO retainer, unique offering
CRYSTAL EYE: Australian-owned platform, MDR 24/7
100% AUSTRALIAN: Australian SOC, Australian jurisdiction

Red Piranha is DISP certified, so we intimately understand the journey and the DISP ecosystem. We offer a comprehensive range of DISP solutions to get you secure and certified. Our sovereign capability provides supply chain assurance across the four key outcome areas.

Already supplying Defence, or working toward your first contract? Red Piranha is Australia's specialist DISP Membership attainment provider. Our team simplifies the full journey, from eligibility through to certification and ongoing membership, end-to-end.

As your trusted DISP partner, we can help with:

Initial Access
Exploit, credential reuse, phishing

Identity Abuse
Token/session takeover, MFA fatigue, OAuth/app consent abuse

Discovery
Quiet enumeration via Graph/AD, privilege pathfinding

Lateral Movement
LOTL tooling, service-to-service pivots

EDR Degradation
Unhooking, BYOVD, policy tampering, sensor suppression

Persistence
Cloud + endpoint persistence, scheduled tasks, workload identities

Objective
Selective impact: espionage, extortion, disruption or resale of access

ONE PARTNER, ALL FOUR DOMAINS

All four DISP domains. One partner.

DISP assesses across Security Governance, Personnel Security, Physical Security, and ICT & Cyber Security. Red Piranha delivers direct service or structured guidance across every domain. No gaps in assessment.

RED PIRANHA  ·  COVERAGE STRIP  ·  ALL FOUR DOMAINS

DOMAIN 01  -  DIRECT

ICT & Cyber

Crystal Eye + TDIR  ·  Essential Eight ML2  ·  107 control CSQ evidence  ·  24/7 Australian SOC

DOMAIN 02  -  DIRECT

Governance

SRMP authorship  ·  Annual Security Report  ·  DSPF Principle 16  ·  eCISO™ / vCISO retainers

DOMAIN 03  -  GUIDED

Personnel

AGSVA NV clearance pathway  ·  AS 4811:2022 screening  ·  SO / CSO delineation  ·  Insider threat policy

DOMAIN 04  -  GUIDED

Physical

Zone classification  ·  ASIO Standards alignment  ·  Facility certification  ·  Level-appropriate scoping

DIRECT DELIVERY

GUIDED SERVICE

Direct delivery where the assessment depth lies. Structured guidance where it matters most.

PROBLEM

Why DISP is harder than it looks.

DISP is a security maturity assessment, not a checklist. Three gates routinely block applications, and all three sit in Governance and Information & Cyber where Defence tests operating controls, not policy alone.

DISP APPLICATION GAUNTLET  ·  WHERE PROGRESS STALLS

START  ·  DISP MEMBER

GATE 01  -  E8 ML2 gaps
Mandatory baseline since 15 Nov 2025
Organisation-wide implementation
Phishing-resistant MFA
Application control

GATE 02  -  SRMP weakness
Foundation governance document
Templates fail at assessment
Must reflect operating controls

GATE 03  -  Evidence without operations
Defence tests operating controls
107 control CSQ needs real data
Continuous detection required
Acting on alarms, not just raising them

REQUIREMENTS

What DISP actually requires.

Four security outcome areas combine to form DISP membership. Governance and Information & Cyber carry the assessment depth, and they are where Red Piranha provides direct delivery.

DISP COMPLIANCE ARCHITECTURE  ·  FOUR OUTCOME AREAS

DIRECT DELIVERY

Governance

SRMP authorship
Incident Response Plan
Security training program
CSO / SO role definition
Annual Security Reporting
DSPF Principle 16

DIRECT DELIVERY

Info & Cyber

Essential Eight ML2 baseline
107 control CSQ
Continuous logging
24/7 monitoring
Incident detection
Maturity Action Plan

GUIDED

Personnel

AS 4811:2022 screening
AGSVA clearance pathway
Insider threat policy
Designated Security Assessed Positions

GUIDED

Physical

Zone classification
ASIO T4 alignment
Facility certification
Access controls
Visitor management

DISP MEMBERSHIP

Pick the right level before you apply.

DISP membership is tiered to the classification of Defence work being pursued. Applying for a higher level than your contracted work requires is one of the most common rejection patterns. Each tier inherits and adds to the requirements of the one below.

DISP MEMBERSHIP LEVELS  ·  PROGRESSIVE REQUIREMENTS

SECURITY MATURITY · INHERITED & CUMULATIVE

LEVEL · ENTRY
OFFICIAL / OFFICIAL:SENSITIVE
+ Governance baseline
+ Essential Eight ML2
+ SRMP & IRP

LEVEL 01  -  PROTECTED
+ adds to Entry
+ AGSVA Baseline clearances
+ PROTECTED-zoned environment
+ Higher assurance controls
CSO & SO must be cleared
Physical scope expanded

LEVEL 02  -  SECRET
+ adds to Level 1
+ AGSVA NV1 clearances
+ SECRET-zoned environment
+ Stronger assurance controls
+ ASIO T4 alignment
Tighter access management
Higher logging discipline

LEVEL 03  -  TOP SECRET
+ adds to Level 2
+ AGSVA NV2
+ TS infrastructure
+ Full-spectrum security
+ TS-zoned facilities
+ Highest assurance
Specialist sustainment required throughout

Apply at the level your contracted work requires, not the highest you might one day need.

APPROACH

Red Piranha approach.

Most DISP providers either document or detect. Red Piranha runs the full cycle. We deploy operational defence and we sustain it, beyond paperwork, under one Australian-owned engagement.

01  -  ASSESS
Eligibility check
Gap analysis
eCISO™ scoped
OUTPUT: DISP gap snapshot

02  -  IMPLEMENT
Author SRMP, IRP
Deploy Crystal Eye
Operationalise E8 ML2
OUTPUT: 107 control evidence pack

03  -  SECURE
Crystal Eye TDIR live
24/7 Australian SOC
MITRE ATT&CK aligned
OUTPUT: Continuous detection

04  -  SUSTAIN
Annual Security Report
OSA / DDA readiness
eCISO™ retainer
OUTPUT: Ongoing membership

CONTINUOUS · ANNUAL CYCLE

CAPABILITY

How Red Piranha delivers across the four outcome areas.

Governance and Information & Cyber are direct delivery; we build, deploy, and run them. Personnel and Physical are guided; we tell you what good looks like.

DIRECT DELIVERY

Governance

SRMP authorship and review
Incident Response Plan
CSO / SO role definition
eCISO™ retainer

DIRECT

Information and Cyber

Essential Eight ML2 (organisation-wide)
107 control CSQ evidence
Crystal Eye platform
MDR · 24/7 Australian SOC

GUIDED

Personnel Security

AGSVA clearance pathway
AS 4811:2022 screening
Insider threat policy

GUIDED

Physical Security

Zone classification mapping
ASIO T4 standards alignment
Facility certification readiness

Governance

DIRECT DELIVERY

SRMP authorship. Incident Response Plan. Security training program. CSO and SO role definition. Annual Security Report preparation and submission.

Ongoing governance retainer available through eCISO™ (remote) or vCISO (on-site). One of several Red Piranha advisory offerings.


Information & Cyber

DIRECT DELIVERY

Crystal Eye platform deploys Essential Eight ML2 organisation-wide. Modules: NDR, EDR, Managed Firewall, Vulnerability Scanning, DAS, Crystal Eye SOC.

MDR (Managed Detection and Response) runs 24/7 from the Australian SOC. Produces 107 control CSQ evidence on demand. Detection content mapped to MITRE ATT&CK.