Gatekeeper Public Key Infrastructure (PKI) Framework

This Framework is currently under review. Annual audits of existing accredited providers and the accreditation of new providers is temporarily paused while the Framework is being reviewed. More information will be provided in coming months.

The Gatekeeper PKI Framework (the Framework) outlines the accreditation requirements for organisations that issue digital certificates.

Policy background

Developed in the 1990s, the Framework supported the Government’s electronic authentication strategy. This included the following now-defunct policies:

  • National e-Authentication Framework
  • Third Party Identity Services Assurance Framework

As part of a historical policy decision, agencies are required to utilise digital certificates issued by Gatekeeper-accredited organisations.

Purpose of the Framework

The Framework defines the policies and standards for issuing digital certificates used by agencies to authenticate devices such as applications and computers. The Framework sets out the requirements for organisations to become accredited to issue digital certificates for use in government for PKI-based authentication.

Gatekeeper accreditation covers the issuing of digital certificates to subscribers that need to work in:

  • open environments, such as the internet
  • closed environments, such as communities of interest
  • hybrid communities.

Assessors from the Information Security Registered Assessor Program (IRAP) assess providers. They also audit them annually to make sure they comply with the Gatekeeper PKI Framework.

If a service provider contracts you to carry out an IRAP assessment you can get in touch with us to ask for a list of their approved documents.

Accredited service providers

The Gatekeeper Competent Authority has granted accreditation to the following services:

ProviderService typeAccreditation date
DigiCert (formally Symantec)Certification and Registration AuthoritySeptember 2015
Cogito GroupRegistration Authority, Certification Authority and Validation Authority11 October 2021
Department of DefenceCertification and Registration Authority17 May 2007
Department of Industry and ScienceValidation Authority6 January 2011
Medicare AustraliaCertification Authority29 June 2011
Verizon AustraliaCertification Authority16 February 2012
Australian Taxation OfficeCertification Authority30 April 2013
Registration AuthorityJune 2019
Property Exchange Australia LimitedCertification Authority1 October 2014
Registration AuthorityJune 2019

More information about the Framework

Download the following documents to find out more about the Framework:

If you have any questions you can get in touch with us at gatekeeper.pki@finance.gov.au.


Did you find this content useful?