Adobe's AEM Gov AU achieves IRAP PROTECTED security level
Adobe has achieved a security milestone with its Adobe Experience Manager Gov Cloud Australia (AEM Gov AU) as it completes the Infosec Registered Assessors Program (IRAP) assessment at the PROTECTED level.
This advancement from the OFFICIAL level marks a significant enhancement in the security framework which is designed to facilitate the adoption of secure digital services by Australian government agencies.
The IRAP assessment at the PROTECTED level reflects an increase in the security measures that AEM Gov AU can offer, aligning with control requirements necessary for utilisation by federal, state, and local agencies in Australia. This development ensures these agencies can now adopt AEM Gov AU to enhance the security of their digital services for citizens, as the platform enables secure and efficient management of digital experiences across their life cycle, while also aiming to reduce costs and improve reliability.
Digital channels are becoming increasingly important in accessing public services, with 90% of Australian citizens preferring to engage through online platforms according to Adobe research. In light of this, government agencies face growing demand to provide secure, personalised, and accessible digital experiences. Adobe's efforts to elevate its security assurance to the PROTECTED level through the IRAP assessment aims to support government agencies in this need.
Adobe's involvement with IRAP includes rigorous evaluation processes, aligning AEM Gov AU with necessary security controls and requirements from the Australian Signals Directorate's Information Security Manual (ISM). This enhanced certification framework aims to build confidence in using the Adobe platform for managing critical digital experiences, providing the necessary cybersecurity that agencies look for when engaging with the Australian public.
The need to improve digital citizen experience was highlighted by Adobe's Global Government Digital Performance and Inclusion (GDPI) Benchmark, which showed that despite investment, some citizens still find accessing government services online to be challenging. Issues were identified particularly in mobile access compared to desktop, affecting Australians who rely solely on mobile internet. Simpler onboarding and form completion were among the lower scoring aspects. Adobe suggests that a move to a unified digital presence, structured around citizen needs, could elevate these aspects.
Besides enhancing security, AEM Gov AU offers functionality for agencies to scale and rapidly deploy digital services, simplifying processes and reducing infrastructure management burdens. It supports developers by alleviating tasks related to infrastructure management, including server and software installation and security management, thus enabling a focus on innovation and service improvements.
Complementing its IRAP capabilities, AEM Gov AU ensures compliance with various industry-specific and regulatory requirements, including FedRAMP Moderate and SOC 2, and extends additional security measures such as Web Application Firewalls and Distributed Denial of Service protection for heightened security needs. It is staffed by Australian citizens, holding appropriate security clearances, adding an extra layer of assurance for government departments leveraging the service.
Adobe's security posture is further underpinned by its Common Control Framework (CCF), which provides a foundation for its compliance processes. This framework supports the IRAP assessments, assisting in the adherence to Australia's stringent security standards. Notably, Adobe has open-sourced the CCF to facilitate wider access and adoption, promoting security best practices beyond its immediate service offerings.