Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Frequently Asked Questions

FAQs ACSC Small Business Survey

Jun 17, 2019 - The ACSC Small Business Survey will help the ACSC understand attitudes and approaches to cyber security among Australia’s small business owners and operators. We have developed the survey as part of our mission to improve cyber security for all Australians and make Australia the safest place to connect online.
Frequently asked question icon

Are there particular cryptographic algorithms or protocols that should be implemented in the ICT security product for Australian Government use?

Feb 1, 2019 - Yes. All ICT security products implementing cryptography destined for use by Australian Government agencies must use ACSC-approved cryptographic algorithms and ACSC-approved cryptographic protocols. Further information is in the ISM.
Frequently asked question icon

Why should cyber security matter to me?

Jul 1, 2018 - For most of us, the internet opens up new opportunities. We can shop, bank, research, work and connect when and where we want to. But the online world can also give criminals opportunities to steal money, information or identities. Taking care of your safety online is no more complicated than the steps you take in other aspects of your life. We all do things to safeguard our physical belongings such as locking our doors and keeping hold of our wallets. By taking the same care of your devices and when engaging online, you can protect yourself and your online assets.
Frequently asked question icon

Why doesnt the EPL publish all mutually-recognised CC evaluations?

Jul 1, 2018 - Common Criteria Recognition Arrangement (CCRA) participating nations do not duplicate the publication of mutually-recognised certified products on each of their certified products lists (for the AISEP, this is the EPL). In accordance with the CCRA, certificates published on the CC Portal that are EAL 1 through 2 are instantly mutually recognised by Australia and New Zealand and, therefore, the Evaluated Products List (EPL) is not required to repeat published evaluations and certifications.
Frequently asked question icon

Why do you need source code to perform the evaluation?

Jul 1, 2018 - We need to independently review the source code to be confident in the implementation and architecture of the cryptographic security. Providing source code usually expedites the evaluation.
Frequently asked question icon

Why do we have the AISEP?

Jul 1, 2018 - Australian and New Zealand government agencies, as consumers, have a reasonable expectation that information contained in ICT security products and systems are secure. When an independent evaluation is performed on the security functionality of an ICT security product, consumers have greater confidence in using the product. AISEP-certified products aim to meet Australian and New Zealand government business and security needs.
Frequently asked question icon

Who owns the AISEP?

Jul 1, 2018 - The ACSC and New Zealands Government Communications Security Bureau (GCSB) are dual signatories to the AISEP as a Common Criteria (CC) certificate producing scheme. We are the certifying body for both Australia and New Zealand.
Frequently asked question icon

Who is the Australasian Certification Authority (ACA) and what do they do?

Jul 1, 2018 - The Australasian Certification Authority (ACA) is the certifying body in Australia and New Zealand for CC evaluations. The ACA is part of the ACSC and implements the AISEP scheme by setting the standards and monitoring the quality of evaluations conducted by the Australasian Information Security Evaluation Facilities (AISEF).
Frequently asked question icon

Which nations participate in the CCRA?

Jul 1, 2018 - Have a look at CCRA participants on the CC Portal.

Where do I report a scam?

Jul 1, 2018 - To report a cybercrime incident, go to and report it. It is a national online system to help businesses and individuals securely report cybercrime. Scams can be reported to the Australian Competition and Consumer Commission's Scamwatch.