ACSC publishes new guidance to help organisations’ gateway capabilities
Share
The Australian Cyber Security Centre (ACSC) has released a new Gateway Security Guidance package, making it easier for organisations to securely implement internet gateway capabilities.
Gateways play an important role in cybersecurity as they provide protection at the perimeter between the internet and other networks, becoming effective in a layered cyber security defence.
Aside from this, gateways are also able to be shared between organisations and broaden cyber security benefits among users.
Gateway architectures are evolving as gateway security functions are becoming more readily available in cloud service offerings. With these hybrid and cloud-native gateways, combined with new ways of working, it is expected that gateway architectures will look different in the future.
These expected changes led to the creation of the guidance package, which will help organisations approach cyber security challenges by making sure their gateways are more secure, flexible and adaptive to different architectures and delivery models.
The ACSC, within the Australian Signals Directorate (ASD), co-designed the guidance with key industry and government stakeholders through a consultative process.
The guidance was made to assist organisations and IRAP Assessors in making informed risk-based decisions and assessments when designing or consuming gateway services.
It also reflects government and industry best practices for the procurement, operation and disposal of gateway systems.
The Gateway Security Guidance package is divided into five documents that focus on different stages of governance, design and implementation. The overview document is intended to explain the structure of the package, making it suitable for all audiences.
The other documents under the guidance package are intended for specific figures within an organisation.
The Executive Guidance document for decision-makers at an organisation’s executive level, the Gateway Security Principles document for senior executives, architecture teams and engineering teams, and the Gateway Operations and Management and the Gateway Technology Guides documents are for architecture teams, engineering teams and gateway operators.
While the guidance is primarily intended for Australian Government gateway consumers and their service providers, any organisation that designs, procures, operates, maintains or disposes of a gateway may also avail of it.
The changes to the Australian Government’s gateway policy were done in order to create a risk-based authorisation model, replacing the previous Certification Authority role performed by ASD.
This empowers non-corporate Commonwealth entities (NCEs) to adopt a risk-based approach to their gateway capabilities, and the flexibility to adopt the gateway solutions which best suit their security requirements.
Source: ACSC. Content has been edited for style and length.
Eliza is a content producer and editor at Public Spectrum. She is an experienced writer on topics related to the government and to the public, as well as stories that uplift and improve the community.
Today’s Pick
11th Annual Aus Goverment Data Summit
April 1, 2025
7th Annual NZ Government Data Summit
May 7, 2025
3rd Public Sector Comms Week
May 14, 2025
Subscribe
We send emails,
but we do not spam
Join our mailing list to be on the front lines of healthcare , get exclusive content, and promos.
AI appointment Australia Australian boost boosts business businesses covid-19 cyber attack cybersecurity cyber security data data breach data management defence Digital employment enhance enhances fraud funding governance government grants Healthcare infrastructure Innovation Lockdown management new zealand NSW NZ online public Public Sector queensland renewable energy scams security Social Media Technology telecommunications victoria WA
Last Viewed