The Cryptographic evaluation process generally takes several months. This timeframe is separate to the time taken for the AISEP evaluation.
The time taken depends on the level of vendor cooperation and whether any security vulnerabilities are found during the evaluation. If we do find security vulnerabilities, whether we continue the Cryptographic evaluation depends on the implementation of a suitable fix.
If the recommending Australian Government agency withdraws its recommendation, we will usually halt the Cryptographic evaluation.