Red Bridge CyberRed Bridge Cyber
Customer Login
What We CheckHow It WorksPricingResearchAboutBlogCustomer Login

Does SMB1001 count toward DISP membership?

No. The Defence Industry Security Program names the ASD Essential Eight — at Maturity Level 2 — as its cyber requirement, and SMB1001 does not appear in DISP's requirements:

  • Defence's guidance allows a short list of standards to demonstrate compliance 'in part': ISO/IEC 27001:2022, NIST SP 800-171 and Def Stan 05-138
  • SMB1001 is not on that list — and even the standards that are only count partially
  • SMB1001:2026 maps its controls to the Essential Eight — a useful on-ramp, since Gold-tier work overlaps several Essential Eight controls, but mapping is not substitution

Where a regulator or a contract names a specific framework, only that framework satisfies it. The practical split for a small business: SMB1001 is the certificate for commercial customers who want proof of cyber hygiene; the Essential Eight at Maturity Level 2 is the price of entry for defence work. If defence is your target market, budget for the Essential Eight from day one.