The Gateway Certification process is designed to assist Commonwealth agencies to minimise the risks incurred by connecting their systems to public networks such as the Internet. The certification review provides independent verification that appropriate risk management strategies have been employed in the gateway environment, and that identified countermeasures are in place and operating effectively.

Certification entails an independent reviewer validating that the gateway's safeguards are operating in compliance with an organisations security policy. This requires the certifier to examine the security objectives and risk assessment to verify the residual risk.

Gateway certifications are conducted in accordance with the Gateway Certification Guide. Agencies considering certification are advised to consult the guide.

DSD, in conjunction with Standards Australia, has developed a program (IRAP) for the registration of IT security professionals and one of the tasks they will be able to undertake is the review and certification of gateways. These assessors will be able to certify gateways to DSD's standards and provide 'DSD Gateway Certification' on behalf of DSD.

The table below outlines the classification levels and who will be able to certify the gateways.

Network classification	Certifier
UNCLASSIFIED	Registered Assessor
Non-national classifications
X-IN-CONFIDENCE	Registered Assessor or DSD
PROTECTED	Registered Assessor or DSD
HIGHLY PROTECTED*	Joint certification (Registered Assessor and DSD)
National classifications
RESTRICTED	Registered Assessor or DSD
CONFIDENTIAL* (excl. Defence)	Joint certification (Registered Assessor and DSD)
SECRET* (excl. Defence)	Joint certification (Registered Assessor and DSD)

* NB: Networks classified at this level must not be performed exclusively by an IRAP assessor; DSD involvement from inception is mandatory.

Agencies wishing to proceed or make an inquiry regarding the Gateway Certification process should contact DSD using one of the means listed on our Contacts page.