What is a DISP Maturity Action Plan (MAP)?

If your business is part of the Defence supply chain, you’re likely familiar with the Defence Industry Security Program, or DISP. This year, as memberships are reviewed and new applications are assessed, many businesses are being provided with a Maturity Action Plan (MAP).

Receiving a plan like this might seem daunting, but it’s actually a positive step. Let’s break down what a MAP is and why it’s becoming a standard part of the DISP process in 2025.

What is a Maturity Action Plan?

Think of a MAP not as a report card, but as a roadmap. It’s a tailored plan provided by Defence to help your business identify and address any gaps in your current security practices. It’s designed to guide you on your journey to meeting the required security standards for your DISP membership level.

The key thing to remember is that it isn’t a “pass or fail” assessment. The MAP is a supportive tool that outlines clear, actionable steps your business can take to improve its security posture over time. It provides a structured pathway to “level up” and ensure you are aligned with Defence’s security expectations.

Why Am I Receiving a MAP Now?

While the concept of a Maturity Action Plan isn’t brand new, many businesses will be receiving one for the first time this year. This is largely due to the significant cyber security changes introduced by Defence last year.

The reality is that many businesses in the supply chain were either unaware of the updated requirements, or if they were aware, they lacked a continuous improvement roadmap. Without such a plan, it’s difficult to ensure that cyber securitymoves forward as a part of normal Business As Usual (BAU) operations.

The MAP is Defence’s way of formally bridging that gap. It provides a clear and structured path to help every partner meet the new, heightened security baseline required to protect the entire supply chain.

Entry-Level Cyber Security: What You Need to Know

One of the biggest changes you’ll see in your MAP relates to the cyber security baseline. This represents a significant step-up in expectations for Defence industry partners.

Previously, the focus for entry-level membership was on implementing four key domains from the Essential Eight standard, at what was known as Maturity Level 1 (ML1). Think of this as getting the basic foundations right, like having good, strong locks on your doors and windows.

Now, the requirement has been raised significantly. It involves two key changes:

  1. Full adoption of the Essential Eight (E8): Instead of just focusing on four areas, businesses are now required to implement all eight security controls.

  2. An upgrade to Maturity Level 2 (ML2): The depth of implementation for these controls is also more demanding.

To use our analogy, if ML1 was about having good locks, ML2 is about adding a monitored alarm system, security cameras, and a documented plan for what to do during a break-in. It’s a move from a passive, set-and-forget posture to a more active, resilient, and continuously managed security footing.

Your MAP will outline the specific steps needed to bridge this gap. While the terminology is technical, the goal is simple: to ensure your business has a stronger, more holistic defence against modern cyber security threats, moving from a basic checklist to a mature security culture.

Financial Support is Available 

Recognising that these security uplifts require investment, the Australian Government has made Defence grants available to help support businesses in actioning their MAP requirements.

These grants are designed to ease the financial burden on small and medium enterprises and often operate on a co-contribution basis. They can typically be used to help cover costs for external consultancy, new software and hardware, and the training needed to meet your Essential Eight ML2 obligations.

For the most current information, eligibility criteria, and to apply, visit the official grants portal: https://www.defence.gov.au/business-industry/resources-support/defence-industry-development-grants-program

The MAP for Your Roadmap

Ultimately, the DISP Maturity Action Plan is a partnership. It’s a clear signal from Defence that they are invested in your success and security. By following your MAP, you’re not just ticking a box for compliance; you’re building a stronger, more resilient business that is ready for the challenges of today’s threat landscape.