AusRegistry is the contracted party that provides the DNS servers and related infrastructure for the vast majority of Australian top-level and second-level Internet domains, including .au, .com.au, .net.au and .org.au. Because of this, AusRegistry's global network of DNS servers is an important piece of national infrastructure in cyberspace.
As the DNS provider for several government agencies, AusRegistry is also contracted to undergo regular IRAP assessments and maintain agency certifications against the ISM.
"We really needed an assessor who had detailed knowledge of how the internet works and was familiar with the open-source technologies we use. We're quite serious about security. IRAP isn't just a 'tick-in-a-box' for us. We'd rather work with someone who can help us find our blind spots."
Salted Signal established direct communication channels with AusRegistry's executives, product owners and engineers, which enabled rapid development and validation of the assessment scope and objectives.
Salted Signal's IRAP assessments are renowned for being extremely thorough, but testing hundreds of controls across hundreds of systems can be incredibly disruptive to operational teams. To minimise the business impact, the assessor completed the vast majority of the audit by inspecting systems, documentation and infrastructure automation code, which reduced the need for interviews.
"We chose Salted Signal because their hands-on technical skills and cybersecurity knowledge were both relevant and immediately apparent. What surprised us was how quickly the assessor gained the trust and respect of our engineers and developers. That's never happened to us before."
Salted Signal recognised the difficulty of applying a government-oriented compliance framework like the PSPF/ISM to AusRegistry, so additional and/or alternative controls were identified and incorporated to ensure the report was fair and holistic.
"I couldn't believe how thorough the audit was. The whole process has given me a new respect for the ISM and the IRAP program."
AusRegistry used Salted Signal's IRAP assessment report as the basis for its subsequent security and compliance remediation and uplift activities.