SMB1001
Licensed

Australian Owned
& Operated

Built for
Defence Industry

Essential Eight ML2 for DISP

Simplify Your DISP Cyber Assurance

CYBERWHITE helps organisations and their advisors assess M365 environments against all 107 Essential 8 ML2 controls (48 ML1 + 59 ML2) and streamline the 107-question Cyber Security Questionnaire.

Whether you manage compliance in-house or work with a trusted consultant, our platform accelerates the journey to ASR readiness.

The Challenge

85%

Members still transitioning to ML2

107

ML2 control items (48 ML1 + 59 ML2)

E8 strategies at ML2

Controls auto-scanned via Graph API

How CYBERWHITE Helps

E8 controls scanned automatically

70%

CSQ auto-populated from scan

Auto

Evidence collected via Graph API

Ready

ASR-formatted evidence package

DISP Policy Update

From Top 4 to Full Essential Eight ML2

The minimum cybersecurity standard for all DISP members has been elevated. This represents a meaningful uplift in the controls organisations need to demonstrate.

Previous (Top 4)

Application control
Patch applications
Patch operating systems
Restrict admin privileges

4strategies required

Now Required (E8 ML2)

Application control (extended)
Patch applications (2-week deadline)
Configure Office macros
User application hardening
Restrict admin privileges (reviews)
Patch operating systems (2-week deadline)
Multi-factor authentication (all users)
Regular backups (daily, tested)

8strategies

107ML2 controls

107CSQ questions

ASR-Ready in 3 Steps

Connect your Microsoft 365 tenant, run the scan, download your evidence package.

Step 01

Connect & Scan

One-click M365 connection via OAuth. Our compliance agent scans 72 Essential 8 controls automatically (87 auto + 20 manual attestation = 107 ML2 total) using the Microsoft Graph API.

Application control policies
Conditional Access & MFA
Patch management status
Admin privilege configuration
Backup & recovery settings

Step 02

CSQ Auto-Fill

Scan results populate 70% of the 107-question CSQ automatically. Guided prompts for the remaining governance questions.

70+ questions auto-answered
Evidence attached per question
Gap analysis for manual items
Guided prompts for governance
Progress tracking by strategy

Step 03

Evidence Package

Download your complete DISP evidence package — CSQ report, control evidence, and remediation plan — ready for your ASR.

ASR-formatted CSQ report
Control-by-control evidence
Compliance gap summary
Prioritised remediation plan
Policy-as-code templates

All 8 Strategies Covered

Every Essential Eight strategy at Maturity Level 2, checked with real evidence from your Microsoft 365 environment.

🔄

Patch Applications

6 controls5 auto-checked

💻

Patch Operating Systems

6 controls5 auto-checked

🔐

Multi-factor Authentication

3 controls3 auto-checked

👤

Restrict Admin Privileges

3 controls2 auto-checked

🛡️

Application Control

3 controls1 auto-checked

📄

Restrict Office Macros

3 controls3 auto-checked

🔒

User App Hardening

7 controls7 auto-checked

💾

Regular Backups

5 controls1 auto-checked

CSQ Automation

107 CSQ Questions. 70% Auto-Answered.

Our scanner maps results directly to each CSQ question, attaching evidence automatically.

Technical questions auto-populated from scan data
Evidence attached per question for ASR submission
Governance questions with guided prompts
Per-strategy progress tracking and gap analysis
Export CSQ report in ASR-ready format

CSQ Completion

After 1 Scan

Patch Applications10/16 auto

Patch OS9/14 auto

MFA7/14 auto

Admin Privileges5/14 auto

Application Control2/12 auto

Office Macros5/11 auto

App Hardening9/12 auto

Regular Backups2/14 auto

49 / 107

Auto-populated from scan

Guided manual prompts

Manual vs Automated Assessment

See how automation complements your existing compliance workflow.

Manual Process

Gap Assessment

Spreadsheet-based

Timeline

Weeks to months

CSQ Completion

Manually per question

Evidence Collection

Screenshots & exports

Ongoing Monitoring

Periodic re-assessment

Remediation Guidance

Research required

CYBERWHITE

Automated

Gap Assessment

Automated scan

Timeline

Significantly reduced

CSQ Completion

70% auto-populated

Evidence Collection

Direct from Graph API

Ongoing Monitoring

Re-scan anytime

Remediation Guidance

Policy-as-code included

Who We Work With

Current DISP Members

Understand your current ML2 posture and build an evidence package ahead of your next Annual Security Review.

Explore the platform →

New DISP Applicants

Establish your ML2 baseline early in the application process and present a clear compliance position from day one.

Get started →

Consultants & MSPs

Support your DISP clients with automated ML2 scanning and evidence collection. Manage multiple organisations from one dashboard.

Partner with us →

Understanding the DISP Requirements

The updated DISP framework reflects the evolving threat landscape facing Australia's defence industry.

Uplift Program

Members who have not yet met ML2 may be placed in the Uplift Program to support their transition.

Contract Eligibility

Active DISP membership is a prerequisite for tendering and maintaining many defence contracts.

Supply Chain Expectations

Prime contractors increasingly expect their suppliers to demonstrate current DISP compliance.

ML2-MFA-Policy.ps1

# Essential 8 ML2 - MFA Enforcement
# Auto-generated by CYBERWHITE

$MFAPolicy = @{
  DisplayName = "ML2-MFA-AllUsers"
  State       = "enabled"
  Conditions  = @{
    Users = @{
      IncludeUsers = @("All")
    }
    Applications = @{
      IncludeApplications = @("All")
    }
  }
  GrantControls = @{
    BuiltInControls = @("mfa")
    Operator = "OR"
  }
}

# Deploy via Microsoft Graph API
New-MgConditionalAccessPolicy @MFAPolicy

Policy-as-Code

From Assessment to Remediation

Every ML2 control comes with ready-to-deploy remediation — PowerShell scripts and Intune JSON policies for your M365 environment.

Conditional Access policies for MFA enforcement
Windows Update rings with ML2-compliant deadlines
Attack Surface Reduction rules for Office macros
Device compliance policies for user hardening
Backup configuration with immutable storage

Ready to Simplify
Your DISP Compliance?

Book a 30-minute walkthrough to see how CYBERWHITE scans your M365 environment against all 107 Essential 8 ML2 controls (48 ML1 + 59 ML2) and streamlines the Cyber Security Questionnaire.

No commitment required. A brief conversation to see if CYBERWHITE is the right fit for your organisation.

Simplify Your DISP Cyber Assurance

The Challenge

How CYBERWHITE Helps

From Top 4 to Full Essential Eight ML2

Previous (Top 4)

Now Required (E8 ML2)

ASR-Ready in 3 Steps

Connect & Scan

CSQ Auto-Fill

Evidence Package

All 8 Strategies Covered

Patch Applications

Patch Operating Systems

Multi-factor Authentication

Restrict Admin Privileges

Application Control

Restrict Office Macros

User App Hardening

Regular Backups

107 CSQ Questions. 70% Auto-Answered.

CSQ Completion

Manual vs Automated Assessment

Manual Process

CYBERWHITE

Who We Work With

Current DISP Members

New DISP Applicants

Consultants & MSPs

Understanding the DISP Requirements

Uplift Program

Contract Eligibility

Supply Chain Expectations

From Assessment to Remediation

Ready to SimplifyYour DISP Compliance?

Ready to Simplify
Your DISP Compliance?