Other relevant links
Introduction
This page includes a range of links relevant to various aspects of Information Security. Although every care has been taken to provide links to suitable material from this site, we cannot guarantee the suitability, completeness or accuracy of any of the material that this site may be linked to. Consequently, DSD cannot accept responsibility for unsuitable or inaccurate material that may be encountered.
Computer Emergency Response Teams
Computer emergency response teams (CERTs) are intended to provide a recognized body of expertise on computer network security, particularly with regard to incident response. Typically they provide a central point for the reporting of security incidents and dissemination of information relating to threats, vulnerabilities and defensive mechanisms.
- AusCERT (The Australian CERT)
- FIRST (Forum of Incident Response and Security Teams)
- CERT/CC (US CERT Coordination Centre)
Evaluated Products
Information security products which have been evaluated under the Australasian Information Security Evaluation Programme (AISEP) are placed on the Evaluated Products List (EPL) which signifies that such products are suitable for the protection of Government information at various levels.
Many other countries operate similar schemes. This has led to the creation of the Common Criteria and Mutual Recognition programmes, under which Australia, New Zealand, the US, the UK, Canada, France and Germany have agreed to recognise each other's product evaluation procedures.
Some links to lists of evaluated products:
- Evaluated Products List (Australia)
- Evaluated Products List (US)
- Certified Products (UK)
Some links to evaluation methodologies and criteria:
- ITSEC (uniform standard adopted by the UK, France, Germany, the Netherlands and the EC)
- TCSEC (US Trusted Computer Security Evaluation Criteria)
- CCITSE (Common Criteria for Information Technology Security Evaluation)
FedLink
The Commonwealth Government has established an Internet-based Virtual Private Network (VPN) known as FedLink.
Gateways
A gateway is a secured connection between two networks, usually where one is a public network such as the Internet. It will usually comprise a number of components, including a firewall host, proxy servers, routers, email hosts, etc.
DSD offers a Gateway Certification process which aims to provide Commonwealth Agencies, or service providers to Commonwealth Agencies, with an independent assessment that their gateway has been configured and managed to industry best practice and that safeguards are implemented and operating effectively. A Gateway Certification Guide is also available to assist agencies that wish to pursue certification (or recertification) to prepare for the DSD review.
Gatekeeper (PKI)
The establishment of a reliable public key infrastructure (PKI) is the basis for a range of cryptographic services, such as confidentiality, integrity, authenticity and trust, and is therefore one of the key components necessary for the development of e-commerce and the conduct of business on-line in general.
The Commonwealth Government has established the Gatekeeper strategy for public key technology use in the Government. Gatekeeper was developed to introduce public key technology to support authentication and identification in government online transactions.
Security Advisories and Alerts
Security advisories and alerts are frequently issued by computer emergency response teams (CERTs) and can be accessed by following the links from the CERT section above. Additional useful links include:
- Computer Incident Advisory Capability (US Department of Energy)
Vendors such as Sun and Microsoft also provide security information (and patches) for their products.
OnSecure
OnSecure is a government-funded web site that provides resources, and links to resources, on information technology security matters to government agencies and the general public. The OnSecure web site operates a public and a 'members only' view, with access to the 'members only' side restricted to government agencies.
The site also allows for the secure, online reporting of computer security incidents via the Information Security Incident Detection, Reporting Analysis Scheme (ISIDRAS).
Archiving secured records
The National Archives of Australia (NAA) provide a number of publications advising on how to keep records that have been secured, on documenting the security process and on the disposal of encrypted records. Further information can be found at:
Ordering Keying Material
The SDNS order form [PDF, 2.02MB] has been made available to enable users to create an order for keying material for a specific piece of equipment.
The form may be reproduced as required and should be completed as directed in the relevant Australian Communications Electronic Security Instruction (ACSI). The form SHOULD NOT be filled out online.
Once the form has been printed from the PDF file:
- Manually fill out all the relevant details as directed by the relevant ACSI, ensuring that the required Distribution List is completed.
- The completed form should be sent to DSD by standard methods taking into consideration the classification of the material being ordered.
NOTE: Once completed the form is no longer unclassified and must be afforded the appropriate protection and is NOT to be stored on a computer.
