Gateway certifications
The Gateway Certification process is designed to assist Commonwealth agencies to minimise the risks incurred by connecting their systems to public networks such as the Internet. The certification review provides independent verification that appropriate risk management strategies have been employed in the gateway environment, and that identified countermeasures are in place and operating effectively.
Certification entails an independent reviewer validating that the gateway's safeguards are operating in compliance with an organisation's security policy. This requires the certifier to examine the security objectives and risk assessment to verify the residual risk.
Gateway certifications are conducted in accordance with the Gateway Certification Guide. Agencies considering certification are advised to consult the guide.
DSD, in conjunction with Standards Australia, has developed a program (I-RAP) for the registration of IT security professionals. One of the tasks they will be able to undertake is the review and certification of gateways. These assessors will be able to certify gateways to DSD's standards and provide 'DSD Gateway Certification' on behalf of DSD.
The table below outlines the classification levels and who will be able to certify the gateways.
| Network classification | Certifier |
|---|---|
| UNCLASSIFIED | Registered Assessor |
| X-IN-CONFIDENCE | Registered Assessor / DSD |
| PROTECTED | Registered Assessor / DSD |
| HIGHLY PROTECTED | DSD |
| RESTRICTED | Registered Assessor / DSD |
| CONFIDENTIAL (excl. Defence) | DSD |
| SECRET (excl. Defence) | DSD |
Agencies wishing to proceed or make an inquiry regarding the Gateway Certification process should contact DSD using one of the means listed on our Contacts page.
