Background

Austroads is the association of Australian and New Zealand transport agencies. Austroads provides authoritative, practical and impartial advice, information, tools and services to our members and a range of other key stakeholders across government, industry and communities. Austroads aims to support the safe, efficient, reliable and sustainable movement of people and products to achieve societal benefits.

Austroads is developing a national approach to establish a secure and interoperable mobile driver licence (MDL) (also called digital driver licence) and other like credentials by:

Developing a Digital Trust Service that will allow cross jurisdictional verification of credentials by relying parties.

Developing strong security standards for all issuers, credential holders, wallet providers, relying parties and its own trust service.

Working with national and international providers of credentials to ensure trust through the application of good, governance, security, privacy and interoperability standards and methods.

Developing a nationally scalable and supported solution that meets legislative, regulatory and best practice standards for information and cyber security management.

Establishing a responsive and resilient operating model that takes into consideration effective lifecycle management of its platforms, products, integration, data and Public Key Infrastructure (PKI).

Purpose/Objective:

Austroads seeks to partner with an information security, cyber specialist firm with demonstrated digital identity and distributed PKI expertise. The partner will assist to update Austroads information security management system (ISMS) and assure vendor services against those controls as it relates to the following three services:

1. Digital Trust Service
2. Public Key Infrastructure as a Service service (PKIaaS)
3. NEVDIS populated Verifiable Credential (NVC) platform

The selected partner will:

• Determine the necessary controls and frameworks required to comply with relevant legislation and industry best practices, considering the criticality of the Digital Trust Service.
• Perform a comprehensive assessment of Austroads’ ISO 27001 Information Security Management System (ISMS).
• Provide recommendations for enhancements to align with the determined standards.
• Assist in the implementation of these enhancements to ensure compliance and improved security posture.

The updated ISMS controls will be used to support contractual conditions and requirements for participation agreements with jurisdictions.

Austroads also requires this partner to have cyber testing capabilities to provide:

• Final testing of these services prior to full production release.
• Annual testing as required by the ISMS policy agreed to by Austroads and its members.
• Ensure the standing offer arrangement for PKIaaS has the necessary security controls.

Scope:

Austroads has engaged the market to procure and deliver three capabilities, including:

1. A Digital Trust Service: Where the public encryption keys from issuing authority certificate authorities (IACA) will be registered and accessible nationally for all relying parties.
2. Public Key Infrastructure as a Service (PKIaas): Where national and international policy compliant encryption services are available to be procured by all jurisdictions.
3. National Exchange of Vehicle Driver Information System (NEVDIS) Populated Verifiable Credential platform: Where using the national exchange to verify digital licences, Austroads will develop a secure digital credential onboarding process to OEM wallet providers.