The minimum DISP setup to bid for Defence civil tenders on AusTender
A real Defence civil tender market runs through AusTender every month. Runway maintenance. Communications hut foundations. Hangar slabs. Retaining structures on training areas. Roadworks on base. Perimeter and fencing. Water and sewer extensions. These ATMs go out continuously, follow the ASDEFCON-templated tender process, and have a much smaller competitive set than the equivalent state government job.
The gate is DISP - the Defence Industry Security Program. The assumption most civil contractors carry is that DISP is the same multi-year build-up that primes go through to win seats on the Defence Infrastructure Panel. It isn't. For the bottom of the AusTender Defence market, what you need is Entry-level DISP and a small pool of cleared personnel. The total timeline is measured in months, not years.
This post is the minimum sequence. It assumes you already know how to win government tenders. The gap it fills is the Defence-specific layer above that.
What DISP is
DISP is the entity-level security accreditation administered by the Defence Industry Security Branch, anchored in Principle 16, Control 16.1 of the Defence Security Principles Framework.
It opened to any Australian entity in April 2019 - you no longer need a contract to apply. Between April 2019 and June 2021, 657 new entities joined the program.
There is no fee. There are real costs to maintain - basic security controls, personnel clearances, ICT controls to meet Essential Eight Maturity Level 2, and the time of a nominated Chief Security Officer.
DISP is structured around four security domains: Security Governance, Personnel Security, Physical Security, and ICT and Cyber Security. You apply for one of four membership levels. For most civil contractors targeting AusTender packages, the relevant level is the bottom one.
Entry Level - what it actually requires
Entry Level covers material classified at OFFICIAL: Sensitive and below under the Protective Security Policy Framework - the highest classification tier below PROTECTED, and the standard marking on the vast majority of non-classified Defence information involved in standard civil work on base.
What Entry Level actually requires:
- A nominated Chief Security Officer (CSO) and Security Officer (SO) from your senior team. Both must be Australian citizens.
- A DISP@your-company-domain email address - the formal communications channel with Defence Industry Security.
- A Security Policy and supporting governance documents covering all four security domains.
- Essential Eight Maturity Level 2 controls across your IT environment. Defence added a conditional membership pathway in 2026 that allows applicants to progress before fully completing the Essential Eight Maturity Action Plan, and a 12-month extension for existing members awaiting cyber assessment.
- A Foreign Ownership, Control or Influence declaration confirming no relationships with sanctioned regimes or listed terrorist organisations.
What Entry Level does not require:
- A certified facility. No facility inspection.
- NV1 or NV2 personnel clearances.
- The ability to sponsor cleared people (that capability starts at Level 1).
Processing time, currently: applicants holding active Defence contracts or actively tendering go into a priority queue, with around 90 days from officer assignment to grant. Defence has been openly addressing the application backlog through 2025–2026.
If a specific tender later requires PROTECTED-level handling, you move up to Level 1. That decision doesn't have to happen up front.
The personnel clearance reality
The trap is that DISP and personnel clearances are two separate processes on two separate timelines. DISP membership is granted to the company. Personnel clearances are issued to individuals by the Australian Government Security Vetting Agency. They have to be running in parallel.
AGSVA's published processing performance for FY25–26, as at December 2025:
| Clearance | Actual | Target | Within KPI | Cases completed |
|---|---|---|---|---|
| Baseline | 17 business days | 20 days | 81.5% | 12,578 |
| Negative Vetting 1 | 34 days | 70 days | 96.0% | 15,103 |
| Negative Vetting 2 | 57 days | 100 days | 94.9% | 3,534 |
Those numbers are the processing windows once AGSVA confirms the application is complete. Total elapsed time is longer. The applicant has up to 20 business days to complete the ePack questionnaire. AGSVA needs roughly 10 business days to assess completeness. Referees have to respond. Supporting documents have to be gathered. Realistic end-to-end for a clean Baseline is two to three months.
For most AusTender Defence civil packages at Entry Level, Baseline is the personnel clearance most often referenced. Your supervisors and site managers need it before they walk onto base areas that hold OFFICIAL: Sensitive material.
The sequencing answer: start clearance applications for two or three key supervisory staff at the same time you submit your DISP application - not after. If you stagger them, you've added six months to your first mobilisation date.
DIP-MC, for completeness
For projects valued at $200 million or more, Defence procures through a separate panel - the Defence Infrastructure Panel – Major Construction 2025–2030, running under Standing Offer Notice SON4138417. Eighteen contractors are on it, including CPB, BMD, Hansen Yuncken, Acciona, Sitzler, and Seymour Whyte. Engagement is by Expression of Interest to a subset of panellists, then a competitive RFT among the shortlist.
Most mid-tier civil contractors should ignore the DIP-MC in year one. It's not your starting point. It's the panel you might be on in a decade if the rest of your Defence business compounds.
For everything else - packages from roughly $500k to $100M - the open-tender channel through AusTender is the active surface. Entry-level DISP and a Baseline-cleared crew is enough to bid on most of it.
The minimum sequence
If you want to be tendering for Defence civil work twelve months from now:
- Nominate a CSO and an SO from senior staff. Both Australian citizens.
- Create the DISP@yourcompany.com email address.
- Get your Essential Eight Maturity Level 2 controls in place - or progress under the 2026 conditional pathway if you're still working through the maturity action plan.
- Build the four security domains to Entry Level. Use the DISP Membership Requirements Checklist Defence publishes.
- Submit the DISP application. Flag any active or proposed tenders in your submission to put yourself in the priority queue.
- In parallel, start AGSVA Baseline clearance applications for two or three key supervisors. Their applications run independently of your DISP membership.
- Set up an AusTender saved search for Defence construction ATMs in your scope and region. Most of the work is announced there first.
That's the minimum. None of it is exotic, and none of it requires a specialist Defence consultant to navigate. The contractors who win this work didn't start the entry sequence after a tender appeared. They started it a year earlier.
Coming this week: the Demiton Defence Digest - a weekly read of the current AusTender Defence civil ATMs, who's being shortlisted, where the packages are flowing by region, and the patterns the head contractors are quietly relying on. If you've started your DISP application or you're about to, the digest is the surface where you'll see the tenders you should be tracking. Signup opens with the first issue.
Track the Defence pipeline every Tuesday.
The Civil Pipeline Digest pulls live AusTender ATMs, TMR forward programme data, RBA rates, and BOM site weather every week. Free, public, no account required.