Gatekeeper Public Key Infrastructure Framework

This framework explains the requirements for issuing digital keys and certificates.

Back to top

What this framework does

The Gatekeeper Public Key Infrastructure (PKI) Framework governs the way the Australian Government uses digital keys and certificates to assure the identity of subscribers to authentication services.

Subscribers can include individual users, organisations and non-human devices, such as applications and computers.

The framework sets out the requirements for organisations to become accredited to issue digital keys and certificates for use in government for PKI-based authentication.

Policy requirement: the Gatekeeper PKI Framework states that Australian Government agencies must only use digital keys and certificates issued by a gatekeeper-accredited organisation for PKI authentication.
Gatekeeper accreditation covers the issuing of digital keys and certificates to subscribers that need to work in:
  • open environments, such as the internet

  • closed environments, such as communities of interest

  • hybrid communities

Assessors from the Information Security Registered Assessor Program (IRAP) assess providers. They also audit them annually to make sure they comply with the Gatekeeper PKI Framework.

If a service provider contracts you to carry out an IRAP assessment you can get in touch with us to ask for a list of their approved documents.

Back to top

The Gatekeeper Legal Evaluation Panel checks legal documents for organisations applying for gatekeeper accreditation.

It also does this for service providers who want to amend legal documentation they’ve previously had approved.

Back to top

Accredited service providers

The Gatekeeper Competent Authority has granted accreditation to the following services:

 

Provider

Service type

Accreditation date

Symantec (eSign)

Certification Authority

31 March 2000

Australia Post (KeyPost)

Registration Authority

December 2001

Department of Defence

Certification and Registration Authority

17 May 2007

Department of Industry and Science

Validation Authority

6 January 2011

Medicare Australia

Certification Authority

29 June 2011

Verizon Australia

Certification Authority

16 February 2012

Australian Taxation Office

Certification Authority

30 April 2013

Property Exchange Australia Limited

Certification Authority

1 October 2014

 

Back to top

Policy background

The framework replaces the following policies, which no longer apply:

  • National e-Authentication Framework

  • Third Party Identity Services Assurance Framework

Back to top

More information about the framework

Download the following documents to find out more about the Gatekeeper PKI Framework:

 

Back to top

Get in touch

If you have any questions you can get in touch with us at identity@dta.gov.au