Licensed
& Operated
Defence Industry
Simplify Your DISP Cyber Assurance
CYBERWHITE helps organisations and their advisors assess M365 environments against the Essential Eight at Maturity Level 2 and streamline the 107-question DISP Cyber Security Questionnaire.
Whether you manage compliance in-house or work with a trusted consultant, our platform accelerates the journey to ASR readiness.
The Challenge
How CYBERWHITE Helps
From Top 4 to Full Essential Eight ML2
The minimum cybersecurity standard for all DISP members has been elevated. This represents a meaningful uplift in the controls organisations need to demonstrate.
Previous (Top 4)
- Application control
- Patch applications
- Patch operating systems
- Restrict admin privileges
Now Required (E8 ML2)
- Application control (extended)
- Patch applications (2-week deadline)
- Configure Office macros
- User application hardening
- Restrict admin privileges (reviews)
- Patch operating systems (2-week deadline)
- Multi-factor authentication (privileged users + internet-facing services)
- Regular backups (daily, tested)
ASR-Ready in 3 Steps
Connect your Microsoft 365 tenant, run the scan, download your evidence package.
Connect & Scan
One-click M365 connection via OAuth. Our compliance agent checks your Essential Eight ML2 configuration automatically using the Microsoft Graph API, auto-populating 49 of the 107 CSQ questions.
- Application control policies
- Conditional Access & MFA
- Patch management status
- Admin privilege configuration
- Backup & recovery settings
CSQ Auto-Fill
Scan results auto-populate 49 of the 107 CSQ questions. Guided prompts for the remaining governance questions.
- 49 questions auto-answered from scan
- Evidence attached per question
- Gap analysis for manual items
- Guided prompts for governance
- Progress tracking by strategy
Evidence Package
Download your complete DISP evidence package | CSQ report, control evidence, and remediation plan | ready for your ASR.
- ASR-formatted CSQ report
- Control-by-control evidence
- Compliance gap summary
- Prioritised remediation plan
- Policy-as-code templates
All 8 Strategies Covered
Every Essential Eight strategy at Maturity Level 2, checked with real evidence from your Microsoft 365 environment.
Patch Applications
Patch Operating Systems
Multi-factor Authentication
Restrict Admin Privileges
Application Control
Restrict Office Macros
User App Hardening
Regular Backups
107 CSQ Questions. 49 Auto-Answered.
Our scanner maps results directly to each CSQ question, attaching evidence automatically.
- Technical questions auto-populated from scan data
- Evidence attached per question for ASR submission
- Governance questions with guided prompts
- Per-strategy progress tracking and gap analysis
- Export CSQ report in ASR-ready format
CSQ Completion
Manual vs Automated Assessment
See how automation complements your existing compliance workflow.
Manual Process
CYBERWHITE
Who We Work With
Current DISP Members
Understand your current ML2 posture and build an evidence package ahead of your next Annual Security Review.
Explore the platform โNew DISP Applicants
Establish your ML2 baseline early in the application process and present a clear compliance position from day one.
Get started โConsultants & MSPs
Support your DISP clients with automated ML2 scanning and evidence collection. Manage multiple organisations from one dashboard.
Partner with us โUnderstanding the DISP Requirements
The updated DISP framework reflects the evolving threat landscape facing Australia's defence industry.
Uplift Program
Members who have not yet met ML2 may be placed in the Uplift Program to support their transition.
Contract Eligibility
Active DISP membership is a prerequisite for tendering and maintaining many defence contracts.
Supply Chain Expectations
Prime contractors increasingly expect their suppliers to demonstrate current DISP compliance.
# Essential 8 ML2 - MFA Enforcement
# Auto-generated by CYBERWHITE
$MFAPolicy = @{
DisplayName = "ML2-MFA-AllUsers"
State = "enabled"
Conditions = @{
Users = @{
IncludeUsers = @("All")
}
Applications = @{
IncludeApplications = @("All")
}
}
GrantControls = @{
BuiltInControls = @("mfa")
Operator = "OR"
}
}
# Deploy via Microsoft Graph API
New-MgConditionalAccessPolicy @MFAPolicyFrom Assessment to Remediation
Many ML2 controls come with ready-to-deploy remediation: PowerShell scripts and Intune JSON policies for your M365 environment. Others include guided manual steps and attestation.
- Conditional Access policies for MFA enforcement
- Windows Update rings with ML2-compliant deadlines
- Attack Surface Reduction rules for Office macros
- Device compliance policies for user hardening
- Backup configuration with immutable storage
Ready to Simplify
Your DISP Compliance?
Book a walkthrough to see how CYBERWHITE scans your M365 environment against the Essential Eight at Maturity Level 2 and streamlines the 107-question DISP Cyber Security Questionnaire.
No commitment required. A brief conversation to see if CYBERWHITE is the right fit for your organisation.