This framework is currently under review. Annual audits of existing accredited providers and the accreditation of new providers are temporarily paused while the framework is being reviewed. More information will be provided in the coming months.
This framework explains the requirements for issuing digital keys and certificates.
What this framework does
The Gatekeeper Public Key Infrastructure (PKI) Framework governs the way the Australian Government uses digital keys and certificates to assure the identity of subscribers to authentication services.
Subscribers can include individual users, organisations and devices, such as applications and computers.
The framework sets out the requirements for organisations to become accredited to issue digital keys and certificates for use in government for PKI-based authentication.
Policy requirement: the Gatekeeper PKI Framework states that Australian Government agencies must only use digital keys and certificates issued by a gatekeeper-accredited organisation for PKI authentication.
Gatekeeper accreditation covers the issuing of digital keys and certificates to subscribers that need to work in:
- open environments, such as the internet
- closed environments, such as communities of interest
- hybrid communities
Assessors from the Information Security Registered Assessor Program (IRAP) assess providers. They also audit them annually to make sure they comply with the Gatekeeper PKI Framework.
If a service provider contracts you to carry out an IRAP assessment you can get in touch with us to ask for a list of their approved documents.
Checking legal documents
The Gatekeeper Legal Evaluation Panel checks legal documents for organisations applying for gatekeeper accreditation.
It also does this for service providers who want to amend legal documentation they’ve previously had approved.
Accredited service providers
The Gatekeeper Competent Authority has granted accreditation to the following services:
Provider | Service type | Accreditation date |
---|---|---|
DigiCert (formerly Symantec) | Certification and Registration Authority | September 2015 |
Cogito Group | Registration Authority, Certification Authority and Validation Authority | 11 October 2021 |
Department of Defence | Certification and Registration Authority | 17 May 2007 |
Department of Industry and Science | Validation Authority | 6 January 2011 |
Medicare Australia | Certification Authority | 29 June 2011 |
Verizon Australia | Certification Authority | 16 February 2012 |
Australian Taxation Office | Certification Authority | 30 April 2013 |
Australian Taxation Office | Registration Authority | June 2019 |
Property Exchange Australia Limited | Certification Authority | 1 October 2014 |
Property Exchange Australia Limited | Registration Authority | June 2019 |
Policy background
The framework replaces the following policies, which no longer apply:
- National e-Authentication Framework
- Third Party Identity Services Assurance Framework
More information about the framework
Download the following documents to find out more about the Gatekeeper PKI Framework:
- Gatekeeper PKI Framework (V3.1 — December 2015)
- Information Security Registered Assessors Program (IRAP) Guide (V2.1 — December 2015)
- Compliance Audit Program (V2.1 — December 2015)
If you have any questions you can get in touch with us at gatekeeper.pki@finance.gov.au.