This Framework is currently under review. Annual audits of existing accredited providers and the accreditation of new providers is temporarily paused while the Framework is being reviewed. More information will be provided in coming months.
The Gatekeeper PKI Framework (the Framework) outlines the accreditation requirements for organisations that issue digital certificates.
Policy background
Developed in the 1990s, the Framework supported the Government’s electronic authentication strategy. This included the following now-defunct policies:
- National e-Authentication Framework
- Third Party Identity Services Assurance Framework
As part of a historical policy decision, agencies are required to utilise digital certificates issued by Gatekeeper-accredited organisations.
Purpose of the Framework
The Framework defines the policies and standards for issuing digital certificates used by agencies to authenticate devices such as applications and computers. The Framework sets out the requirements for organisations to become accredited to issue digital certificates for use in government for PKI-based authentication.
Gatekeeper accreditation covers the issuing of digital certificates to subscribers that need to work in:
- open environments, such as the internet
- closed environments, such as communities of interest
- hybrid communities.
Assessors from the Information Security Registered Assessor Program (IRAP) assess providers. They also audit them annually to make sure they comply with the Gatekeeper PKI Framework.
If a service provider contracts you to carry out an IRAP assessment you can get in touch with us to ask for a list of their approved documents.
Accredited service providers
The Gatekeeper Competent Authority has granted accreditation to the following services:
| Provider | Service type | Accreditation date |
|---|---|---|
| DigiCert (formally Symantec) | Certification and Registration Authority | September 2015 |
| Cogito Group | Registration Authority, Certification Authority and Validation Authority | 11 October 2021 |
| Department of Defence | Certification and Registration Authority | 17 May 2007 |
| Department of Industry and Science | Validation Authority | 6 January 2011 |
| Medicare Australia | Certification Authority | 29 June 2011 |
| Verizon Australia | Certification Authority | 16 February 2012 |
| Australian Taxation Office | Certification Authority | 30 April 2013 |
| Registration Authority | June 2019 | |
| Property Exchange Australia Limited | Certification Authority | 1 October 2014 |
| Registration Authority | June 2019 |
More information about the Framework
Download the following documents to find out more about the Framework:
- Gatekeeper PKI Framework (V3.1 — December 2015)
- Gatekeeper PKI Framework (V3.1 — December 2015)
- Information Security Registered Assessors Program (IRAP) Guide (V2.1 — December 2015)
- Information Security Registered Assessors Program (IRAP) Guide (V2.1 — December 2015)
- Compliance Audit Program (V2.1 — December 2015)
- Compliance Audit Program (V2.1 — December 2015)
If you have any questions you can get in touch with us at gatekeeper.pki@finance.gov.au.
