
Frequently Asked Questions


Where do I get information on the latest cyber threats?

Jul 1, 2018 - Stay Smart Online provides a free Alert Service for Australian internet users, to explain recent online threats and how they can be managed. Sign up to the service. Stay Smart Online Alerts provide easy-to-understand online safety and security information and solutions to help protect internet users at home, at work and on mobile devices. The resource also informs users about the latest threats and vulnerabilities within an Australian context, and how to address any risks to their devices or computer networks.

Where do I get help?

Jul 1, 2018 - Falling victim to an online scam, virus or other internet nasty can be frustrating and unpleasant but help is always available! If something has knocked you offline, check out Stay Smart Online for information to help you get back up and running.

When can you begin the Cryptographic evaluation?

Jul 1, 2018 - An ACSC Cryptographic evaluation can only be performed on products which have been certified via a recognised Common Criteria (CC) scheme, in Australia or overseas. The CC Security Target and Certification Report must be published/publicly available before we can begin our evaluation. The evaluation start date is also subject to information provided by the vendor.

What tests are performed during a Cryptographic evaluation?

Jul 1, 2018 - We conduct a combination of open source and in-house tests to ensure the correct implementation of encryption algorithms as well as assessing the quality of the surrounding cryptographic architecture. Depending on the type and technology of ICT security product undergoing evaluation, testing might include packet sniffing, black box testing, source code review, key management analysis and Random Number Generation (RNG) evaluation.

What is the ISM and how is it related to the EPL?

Jul 1, 2018 - The Australian Government Information Security Manual (ISM) provides policies and guidance on security controls to Australian Government agencies on how to protect their ICT systems. It provides guidance on selecting ICT security products from the EPL.

What is the EPL and where can I find it?

Jul 1, 2018 - The Evaluated Products List (EPL) serves two purposes: it fulfils the AISEP's requirement of the CCRA to publish a list of AISEP-certified products, and it provides a comprehensive list of ACSC-evaluated ICT security products that meet the needs of Australian and New Zealand government agencies in securing official resources in accordance with the Information Security Manual (ISM). The EPL publishes:

What is the difference between an AISEP evaluation and an AISEP certification?

Jul 1, 2018 - AISEP evaluations are conducted by an AISEF. AISEP certification is performed by us. An AISEP evaluation applies the CC Evaluation Methodology (CEM) against CC assurance requirements.

What is the Common Criteria Recognition Arrangement (CCRA) and mutual recognition?

Jul 1, 2018 - The CCRA is an international agreement between CC certificate-producing and certificate-consuming nations to recognise CC certifications for Evaluation Assurance Levels (EAL) 1 through 2. Through AISEP, Australia and New Zealand are joint certificate-producing members of the CCRA. Certificate-consuming nations do not administer a CC scheme but recognise CC certificates issued by certificate-producing nations.

What is the Common Criteria (CC)?

Jul 1, 2018 - The Common Criteria for Information Technology Security Evaluation is referred to as the CC. It is a standard for evaluating ICT security products against two types of requirements: security functional requirements and security assurance requirements. A CC-evaluated ICT security product is certified to meet a list of vendor-claimed security functions and satisfies a level of assurance. The CC also has an International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) equivalent standard of ISO/IEC 15408.

What is the Australasian Information Security Evaluation Program (AISEP)?

Jul 1, 2018 - AISEP is Australia and New Zealand's combined Common Criteria (CC) evaluation and certification scheme. The ACSC administers and manages the AISEP policy and Common Criteria evaluations performed in Australia.