Evaluated cryptographic implementations
Implementations of the protocols in this section need to undergo an ACE before they can be approved to protect classified information.
High assurance cryptographic protocols
High assurance cryptographic protocols, which are not covered in this section, can be used for the protection of highly classified information if they are suitably implemented in HACE. Further information on high assurance cryptographic protocols can be obtained from the ACSC.
ASD Approved Cryptographic Protocols
In general, ASD only approves the use of cryptographic equipment and software that has passed a formal evaluation. However, ASD approves the use of some cryptographic protocols even though their implementations in specific cryptographic equipment or software has not been formally evaluated by ASD. This approval is limited to cases where they are used in accordance with these guidelines.
The AACPs are:
- Transport Layer Security (TLS)
- Secure Shell (SSH)
- Secure/Multipurpose Internet Mail Extension (S/MIME)
- OpenPGP Message Format
- Internet Protocol Security (IPsec)
- Wi-Fi Protected Access 2 (WPA2).
Using ASD Approved Cryptographic Protocols
If cryptographic equipment or software implements unapproved protocols, as well as AACPs, it is possible that these unapproved protocols could be used without a user’s knowledge. In combination with an assumed level of security confidence, this can represent a security risk. As such, organisations can ensure that only AACPs can be used by disabling unapproved protocols (which is preferred) or advising users not to use unapproved protocols via usage policies.
Security Control: 0481; Revision: 5; Updated: Jun-20; Applicability: O, P
Only AACPs are used by cryptographic equipment and software.
Further information on AACPs can be found in the found in the following sections of these guidelines.
Further information on the use of WPA2 in wireless networks can be found in the wireless networks section of the Guidelines for Networking.
Further information on the OpenPGP Message Format can be found in IETF RFC 3156, MIME Security with OpenPGP, at https://tools.ietf.org/html/rfc3156.