Gatekeeper Public Key Infrastructure Framework
Managing the technology that supports authentication
The Gatekeeper Public Key Infrastructure (PKI) Framework governs the use of digital keys and certificates by the Australian Government to assure the identity of subscribers to authentication services. Subscribers can include individual users, organisations and non-human devices, such as applications and computers.
The Framework sets out the requirements for organisations to become accredited to issue digital keys and certificates for use in government for PKI-based authentication.
Policy requirement: the Gatekeeper PKI Framework states Australian Government agencies must only use digital keys and certificates issued by a Gatekeeper-accredited organisation for PKI authentication.
Gatekeeper accreditation covers the issuing of digital keys and certificates to subscribers that need to work in:
- open environments, such as the internet
- closed environments, such as communities of interest
- hybrid communities.
Providers are assessed by Information Security Registered Assessor Program (IRAP) assessors. The services are audited by IRAP assessors annually to ensure compliance with the Gatekeeper PKI Framework.
If you are contracted by a service provider to undertake an IRAP assessment you can request a service provider’s list of approved documents by contacting firstname.lastname@example.org
- Gatekeeper PKI Framework (V3.1 - December 2015) PDF (1.9 MB)
- Gatekeeper PKI Framework (V3.1 - December 2015) DOCX (601 KB)
- Information Security Registered Assessors (IRAP) Program Guide (V2.1 - December 2015) PDF (2.1 MB)
- Information Security Registered Assessors (IRAP) Program Guide (V2.1 - December 2015) DOCX (179 KB)
- Compliance Audit Program (V2.1 - December 2015) PDF (1.3 MB)
- Compliance Audit Program (V2.1 - December 2015) DOCX (175 KB)
Gatekeeper legal evaluation panel
The role of the members of the Gatekeeper legal evaluation panel is to evaluate the legal documents for organisations applying for Gatekeeper Accreditation and Service Providers amending previously approved legal documents submit, as part of their documentation suite.
Gatekeeper accredited service providers
The following services have been granted accreditation by the Gatekeeper Competent Authority.
|Provider||Service type||Accreditation date|
|Symantec (eSign)||Certification Authority||31 March 2000|
|Australia Post (KeyPost)||Registration Authority||December 2001|
|Department of Defence||Certification and Registration Authority||17 May 2007|
|Department of Industry and Science||Validation Authority||6 January 2011|
|Medicare Australia||Certification Authority||29 June 2011|
|Verizon Australia||Certification Authority||16 February 2012|
|Australian Taxation Office||Certification Authority||30 April 2013|
|Property Exchange Australia Limited||Certification Authority||1 October 2014|
Gatekeeper accreditation applicants
The following service is undergoing Gatekeeper accreditation:
- Veda Advantage - Registration Authority
Last updated: 5 January 2016