Skip to main content

The Australasian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and information against cyber threats. These evaluation activities are certified by the Australasian Certification Authority (ACA).

For a list of products certified via the AISEP, see the Certified Products List (CPL) on the Common Criteria website.

Certificates are withdrawn by the ACA if it is discovered that the products did not meet the criteria for which they were certified. Certificates withdrawn are listed below:

This list currently has no items at this time.

The Common Criteria

Information on what the Common Criteria is, and its guiding documentation, can be obtained from the Common Criteria website.

AISEP announcements

July 2020 - The ACA has endorsed the U.S Government Approved Protection Profile – PP-Module for Virtual Private Network (VPN) Gateways version 1.1 and added this document to the ACA-endorsed PP list below.

April 2020 - The ACA has endorsed the U.S Government Approved Protection Profile – PP-Module for Virtual Private Network (VPN) Gateways version 1.0 and added this document to the ACA-endorsed PP list below.

AISEP policy and interpretations

Sometimes an interpretation is required from the ACA for content within the AISEP Policy Manual or for product evaluation processes and procedures. The AISEP Policy Manual and current AISEP interpretations are listed below.

AISEP Policy Manual (August 2011)

AISEP Interpretation 8: Qualifications of Principal Certifier (March 2012)

AISEP Interpretation 9: Defence Industry Security Program (DISP) Membership (March 2012)

AISEP Interpretation 10: Periodic Management Review (March 2012)

AISEP Interpretation 11: Evaluation Scope (March 2012)

AISEP Interpretation 12: Re-use of Development Environment Assessment (DEA) Evidence (March 2012)

AISEP Interpretation 13: Evaluators' Experience (March 2012)

Australasian Information Security Evaluation Facilities

An Australasian Information Security Evaluation Facility (AISEF) is a commercial facility licensed by ASD, and accredited by the National Association of Testing Authorities, Australia (NATA), to conduct evaluations under the AISEP.

DXC Australia

Attention: Andrew McLarty
26 Talavera Road
Macquarie Park, NSW 2113
Phone: +61 417 514 282
Email: amclarty@dxc.com
Web: https://www.dxc.technology/security

Teron Labs

Attention: Juan Gonzalez
Unit 3, 10 Geils Court
Deakin ACT 2600
Phone: +61 2 6172 1261
Email: juan@teronlabs.com
Web: https://www.teronlabs.com

International partners

The Common Criteria Recognition Arrangement (CCRA) was established in 1998 in order for certification authorities to mutually recognise each other's certified products. Initially the CCRA was comprised of certification authorities from Canada, France, Germany, the United Kingdom and the United States. Australia and New Zealand joined the CCRA in 1999. A list of current participants can be found on the Common Criteria website.

Consumers can be confident that each participant of the CCRA ensures that evaluations are performed to a high and consistent standard. This eliminates the need for duplicating product evaluations within different countries.

Protection Profiles

A Protection Profile (PP) is a document that stipulates the security functionality that must be included in a product. Organisations can have confidence that evaluations against PPs will cover the expected security functionality of a given product type and address known cyber threats.

In the past, evaluations were conducted at a specified Evaluation Assurance Level (EAL); however, PPs do not incorporate this scale. A cap of EAL 2 will apply to all EAL-based evaluations where a suitable PP does not exist yet. EAL-based evaluations will not considered where a suitable PP already exists.

The ACA endorses all collaborative Protection Profiles that are listed on the Common Criteria website. In addition, the below table includes PPs that are also endorsed by the ACA for an evaluation within the AISEP.

Technology Protection Profile Version Published
Network and Network-Related Devices and Systems PP-Module for Virtual Private Network (VPN) Gateways (Mod_VPNGW_v1.1) V1.1 2020-07-01
Network and Network-Related Devices and Systems PP-Module for Virtual Private Network (VPN) Gateways (Mod_VPNGW_v1.0) V1.0 2019-11-22
Network and Network-Related Devices and Systems Extended Package VPN Gateway (GW EP) V2.1 2017-06-15
Network and Network-Related Devices and Systems Extended Package Intrusion Prevention Systems (IPS EP) V2.11 2017-03-08
Network and Network-Related Devices and Systems Extended Package MACsec Ethernet Encryption (MACSEC EP) V1.2 2016-05-10

Other PPs from the National Information Assurance Partnership may be considered on a case-by-case basis.

Purchasing evaluated products

Organisation looking to purchase products should make a decision as to whether they require independent assurance of a product's security features. If so, purchasers should examine the information available on the Certified Products List (such as the Security Target and Certification Report) for any product that they intend to purchase. On request, the ACA may be able to provide draft versions of the Security Target to potential Australian or New Zealand purchasers while the product is still in evaluation.

Of note, products where the vendor has an ongoing assurance continuity program involving discussion of changes with their certification authority (and conducting re-evaluation activities where necessary), or an evaluated flaw remediation process, will provide a much greater level of continuing assurance than those products that don't.

Products in evaluation

The following products are currently in evaluation within the AISEP.

Vendor Product Assurance Level
Juniper Networks Inc Junos OS 19.3R1 for MX10003 and EX9253 NDcPPv2.1
PacketLight Networks Ltd Packetlight PL2000 Series with Firmware v1.3.12 EAL2 + ALC_FLR.1
Juniper Networks Inc Junos OS 20.2R1 for SRX345, SRX345-DUAL-AC, SRX380 and SRX1500 NDcPPv2.1, IPS EP v2.11, PP-Module for Firewalls v1.3, PP-Module for VPN Gateways v1.0
AppGate Inc AppGate SDP v5.2.0 EAL2 + ALC_FLR.1
Juniper Networks Inc Junos OS 20.3R1 for ACX5448-M NDcPPv2.1
Juniper Networks Inc Junos OS 20.2R1-S1 for QFX5120-48T, QFX5120-48Y, EX4650-48Y, QFX5120-32C, QFX5210-64C and QFX5200-48Y NDcPPv2.1
Juniper Networks Inc Junos OS 20.4R1 for SRX380 in Cluster Mode NDcPPv2.1, IPS EP v2.11, PP-Module for Firewalls v1.3, PP-Module for VPN Gateways v1.0, MACsec EP v1.2
Juniper Networks Inc Junos OS 20.4R1 for SRX345 in Cluster Mode NDcPPv2.1, IPS EP v2.11, PP-Module for Firewalls v1.3, PP-Module for VPN Gateways v1.0

Requesting a product evaluation

To request an EAL-based evaluation, please complete the sponsorship letter. We will work with you and the vendor to understand the evaluation aims, expectations and timeframes. Evaluations against an ACA endorsed PP does not require sponsorship.

Sponsorship Letter for AISEP Evaluation (February 2020)

Frequently asked questions

What is an AISEP Acceptance Package?

An AISEP Acceptance Package contains documents prepared by the developer and an Australasian Information Security Facility. These include the Security Target and Protection Profile (if relevant) as well as any proposed timelines for the evaluation.

What is AISEP Assurance Continuity?

AISEP Assurance Continuity (AAC) is a process that allows a developer to request the extension of a certified product's assurance. In such cases, the product's developer is required to submit a proposal, known as an AAC maintenance task, to the ACA. This proposal contains an Impact Analysis Report (IAR). The ACA subsequently reviews the IAR to determine if the changes to the product are minor or major. Changes deemed as minor result in a maintenance update to the product's cetification while changes deemed as major warrant re-evaluation of the product.