Secure Internet Gateways

Secure Internet Gateways (SIGs) provide cyber security protections to Australian Government Departments at the boundary between the internet and Government networks.

What is a SIG?

A Secure Internet Gateway is a collection of technologies that reside at the boundary between a Commonwealth Entity’s network and the public internet. It is designed to protect Commonwealth Entities from malicious cyber-attacks.

Changes to SIGs

The current Secure Internet Gateway model has not evolved for several years. With the increased adoption of cloud services and new technologies and capabilities by Government, there is a need to modernise the SIGs to manage the evolving threat landscape.

We have released a Joint Statement alongside the Australian Signals Directorate (ASD) outlining the changes planned for Secure Internet Gateways. We foresee that the changes to SIGs will enable agencies to access more contemporary services from the provider market and support the transition of services to a potential Cyber Hub model in the future. Until such time as Cyber Hubs can take on SIG services, the existing Lead Agency model will continue, adhering to the Policy Objectives below.

Policy Objectives

These policy objectives define how SIGs should operate and set out the next steps for how the security of Government gateways will evolve:

  • Secure Internet Gateway (SIG) lead agencies will maintain responsibility for coordinating SIG assurance activities and any contractual arrangements they hold until the Cyber Hub concept is agreed and all client agencies have migrated to them.
  • The Australian Signals Directorate’s (ASD) Certified Gateways list will cease in July 2022 and be removed from the website. The Protective Security Policy Framework (PSPF) will be reviewed and updated as required to support these changes.
  • All ASD Certified Gateways will remain certified until July 2022, unless otherwise specified by the PSPF. All ASD certifications and re-certification letters will be void from this date.
  • The Digital Transformation Agency (DTA) will be notified of all new SIG arrangements implemented through the lead agencies, including the extension of existing arrangements.
  • New contracts and extensions to existing contracts for SIG services will include provisions for compliance with the Australian Government Information Security Manual (ISM), including the implementation of ISM controls by the service provider in the timeframe specified.
  • New contracts and extensions to existing contracts for SIG services will be a maximum of two years, with up to a one-year extension. Contracts will include clear, robust, and actionable transition-out plans to support transition flexibility to the Cyber Hubs.
  • Entities will include provisions in new contracts and extensions to existing contracts for data managed by a SIG to be provided to the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and Cyber Hubs, if they proceed.
  • The ACSC and DTA will work with the Attorney-General’s Department to develop guidance on the appropriate use of the term ‘Single Entity Use’ within PSPF Policy 11 - Robust ICT systems. This will reduce the risk of an increase in the proliferation of gateways and degradation in cyber security maturity of Government Gateways.
  • The ACSC will develop security guidance, co-designed with industry and government through a consultative process. This guidance will assist entities in making informed risk-based decisions when consuming gateway services. The security guidance will align with, and enable entities to easily transition to, the Cyber Hubs model.

Get in touch

To find out more or for general enquiries please contact