Compliance evidence
IRAP — domain & certificate controls
Australian government agencies and their ICT suppliers seeking to align with the Protective Security Policy Framework (PSPF) and Information Security Manual (ISM).
Authority: Australian Signals Directorate (ASD)
What IRAP actually requires
IRAP assessments measure compliance against the ISM. The ISM's Cryptography chapter and Communications Security chapter directly govern TLS certificate lifecycle for systems handling Australian government data classifications (OFFICIAL, PROTECTED, SECRET, TOP SECRET).
Full name: IRAP (Information Security Registered Assessors Program, Australia).
Controls that touch certificates and domains
These are the 3 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
ISM-0483 | Cryptographic equipment protection | Applies to certificate-adjacent cryptographic assets. |
ISM-1506 | TLS configuration | Direct fit — TLS version, cipher, and cert parameters are specified. |
ISM-1139 | Key management | Certificate renewal and revocation lifecycle. |
What the evidence pack contains
CertRadar’s one-click export for IRAP includes:
- ISM-aligned TLS configuration report per certificate
- Classification-level cert inventory
Example domains in IRAP scope
Representative domains often monitored for IRAP evidence. Check any of them live:
Ship the IRAP evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to IRAP controls. Beta in weeks. Early members get a lifetime Pro discount.
Join the waitlist