
IRAP

Achieve PROTECTED-level security assessment through independent IRAP evaluation with comprehensive controls meeting Australian government ICT security requirements.

How Kiteworks Supports IRAP Compliance

The Information Security Registered Assessors Program (IRAP) is an Australian Signals Directorate (ASD) initiative that provides a framework for assessing the security of ICT systems against Australian government security requirements. Achieving PROTECTED-level assessment through an independent IRAP evaluation demonstrates that an organization's systems meet the stringent security controls required for handling sensitive Australian government data. Kiteworks provides comprehensive capabilities that address the full spectrum of IRAP security requirements.

1. PROTECTED Level Controls

The PROTECTED classification level applies to information whose compromise could cause damage to national security, government operations, or the Australian public. Kiteworks supports PROTECTED-level security through:

  • End-to-end encryption for data in transit and at rest, meeting the encryption requirements for PROTECTED-level data handling

  • Sovereign data residency with deployment options that ensure data remains within Australian borders

  • Hardened infrastructure designed to withstand sophisticated attacks targeting government-classified information

  • Compartmentalization of data preventing unauthorized cross-boundary information flows between classification levels

  • Comprehensive access controls ensuring only authorized personnel with appropriate clearances can access PROTECTED content

2. ISM Framework Alignment

The Australian Government Information Security Manual (ISM) provides the cybersecurity framework that underpins IRAP assessments. Kiteworks aligns with the ISM framework by addressing:

  • Governance and risk management controls that establish clear security accountability and oversight structures

  • Personnel security through identity verification, access provisioning, and separation of duties enforcement

  • Physical security integration with data center controls that meet Australian government facility requirements

  • Communications security protecting the confidentiality and integrity of data across all communication channels

  • ICT equipment management with secure configuration baselines and change management procedures

3. Independent Assessment Process

IRAP assessments are conducted by ASD-endorsed assessors who independently evaluate an organization's security posture. Kiteworks facilitates the independent assessment process through:

  • Assessment-ready documentation including system security plans, security risk management plans, and incident response procedures

  • Evidence generation capabilities that automatically produce artifacts required by IRAP assessors

  • Control mapping documentation linking platform capabilities to specific ISM controls being assessed

  • Transparent architecture documentation enabling assessors to thoroughly evaluate system design and security boundaries

  • Remediation tracking for addressing any findings identified during the assessment process

4. Addressing the 816 Security Controls

The ISM contains over 816 security controls organized across multiple categories. Kiteworks provides direct or supporting coverage for controls spanning:

| Control Category | Number of Controls | Kiteworks Coverage |
|---|---|---|
| Access Control | 45+ | RBAC, MFA, least privilege, session management |
| Cryptography | 35+ | AES-256, TLS 1.2/1.3, key management, certificate handling |
| Network Security | 60+ | Firewalls, segmentation, intrusion detection, DMZ architecture |
| Gateway Security | 40+ | Content inspection, data loss prevention, malware scanning |
| Media Handling | 25+ | Secure transfer, sanitization, classification enforcement |
| System Monitoring | 50+ | SIEM integration, audit logging, anomaly detection |
| Software Security | 30+ | Secure development, vulnerability management, patch management |
| Personnel Security | 20+ | Identity management, access reviews, privilege management |

5. Australian Government Data Classification

Proper data classification is fundamental to IRAP compliance. Kiteworks supports Australian government data classification requirements through:

  • Classification labeling that applies appropriate protective markings to content throughout its lifecycle

  • Handling caveats enforcement ensuring content with specific dissemination restrictions is handled according to policy

  • Classification inheritance automatically applying parent folder classifications to child content

  • Declassification management tracking classification changes and maintaining historical records

  • Cross-domain controls preventing unauthorized movement of classified content between security domains

6. Access Controls and Identity Management

IRAP assessments heavily scrutinize access control mechanisms. Kiteworks provides robust access management capabilities including:

  • Multi-factor authentication supporting TOTP, SMS, email, SAML 2.0, and certificate-based authentication methods

  • Fine-grained permissions with folder-level, file-level, and action-level access controls

  • Identity federation integrating with government identity providers and directory services

  • Automated access reviews supporting periodic recertification of user access rights

  • Session management with configurable timeout policies, concurrent session limits, and forced logout capabilities

  • Privileged access management with enhanced controls for administrative functions and system configuration

7. Encryption Standards

Meeting Australian government encryption requirements is critical for IRAP compliance at the PROTECTED level. Kiteworks implements:

  • AES-256 encryption at rest for all stored content using FIPS 140-3 validated cryptographic modules

  • TLS 1.2 and TLS 1.3 for all data in transit with strong cipher suite configurations

  • Double encryption with separate application-layer and storage-layer encryption keys

  • Cryptographic key management with secure key generation, rotation, storage, and destruction procedures

  • Hardware security module (HSM) integration for organizations requiring hardware-based key protection

  • Australian Signals Directorate approved algorithms ensuring cryptographic implementations meet ASD requirements

8. Network Security

Network security controls are extensively evaluated during IRAP assessments. Kiteworks addresses network security requirements through:

  • Network segmentation isolating the Kiteworks platform within secure network zones with controlled access points

  • Embedded firewall providing application-level filtering and network-level access control lists

  • Intrusion detection and prevention monitoring network traffic for suspicious patterns and known attack signatures

  • DMZ deployment architecture placing externally facing components in demilitarized zones separated from internal systems

  • Network traffic encryption ensuring all inter-component communication is encrypted regardless of network trust level

9. Gateway Security

Gateway security controls protect information as it moves between networks and security domains. Kiteworks provides comprehensive gateway security through:

  • Content inspection scanning all inbound and outbound content for malware, sensitive data, and policy violations

  • Data loss prevention (DLP) integration preventing unauthorized exfiltration of classified or sensitive content

  • Advanced threat protection (ATP) with sandboxing capabilities for analyzing suspicious file attachments

  • Protocol enforcement ensuring only approved communication protocols are used for content transfer

  • Cross-domain solution support enabling controlled information exchange between different security domains

10. Media Handling and Secure Transfer

IRAP assessments evaluate how organizations handle, transfer, and dispose of information media. Kiteworks supports secure media handling through:

  • Secure file transfer protocols including SFTP, FTPS, and HTTPS for all content movement operations

  • Content sanitization removing metadata and hidden content before external transfers

  • Transfer logging and accountability maintaining detailed records of all content movements including sender, recipient, and timestamps

  • Expiration controls automatically revoking access to shared content after defined time periods

  • Secure deletion ensuring content is thoroughly removed from all storage locations when no longer required

  • Watermarking capabilities applying visible or invisible marks to content for tracking and deterring unauthorized distribution

By deploying Kiteworks for secure data exchange, Australian government agencies and their contractors can systematically address the security controls required for IRAP assessment at the PROTECTED level. The platform's comprehensive security architecture, combined with its detailed audit capabilities and encryption standards, provides a strong foundation for achieving and maintaining IRAP compliance while enabling secure collaboration with authorized parties.