Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Frequently Asked Questions

Frequently asked question icon

Where do I get help?

Jul 1, 2018 - Falling victim to an online scam, virus or other internet nasty can be frustrating and unpleasant but help is always available! If something has knocked you offline, check out Stay Smart Online for information to help you get back up and running. .

When can you begin the Cryptographic evaluation?

Jul 1, 2018 - An ACSC Cryptographic evaluation can only be performed on products which have been certified via a recognised Common Criteria (CC) scheme, in Australia or overseas. The CC Security Target and Certification Report must be published/publicly available before we can begin our evaluation. The evaluation start date is also subject to information provided by the vendor. For products undergoing CC evaluation in the AISEP, when…

What tests are performed during a Cryptographic evaluation?

Jul 1, 2018 - We conduct a combination of open source and in-house tests to ensure the correct implementation of encryption algorithms as well as assessing the quality of the surrounding cryptographic architecture. Depending on the type and technology of ICT security product undergoing evaluation, testing might include packet sniffing, black box testing, source code review, key management analysis and Random Number Generation (RNG)…

What is the ISM and how is it related to the EPL?

Jul 1, 2018 - The Australian Government Information Security Manual (ISM) provides policies and guidance on security controls to Australian Government agencies on how to protect their ICT systems. It provides guidance on selecting ICT security products from the EPL. .

What is the historical EPL and where can I find it?

Jul 1, 2018 - The historical EPL contains certified products that were previously listed on the EPL. .

What is the EPL and where can I find it?

Jul 1, 2018 - The Evaluated Products List (EPL) serves two purposes: It fulfils the AISEP's requirement of the CCRA to publish a list of AISEP-certified products It provides a comprehensive list of ACSC-evaluated ICT security products that meet the needs of Australian and New Zealand government agencies in securing official resources in accordance with the Information Security Manual (ISM). The EPL publishes:.

What is the difference between an AISEP evaluation and an AISEP certification?

Jul 1, 2018 - AISEP evaluations are conducted by an AISEF. AISEP certification is performed by us. An AISEP evaluation applies the CC Evaluation Methodology (CEM) against CC assurance requirements. The evaluation aims to produce a standardised and repeatable result that facilitates mutual recognition of certifications across CCRA participating schemes. An AISEP certification represents the validation of the evaluation activities and…

What is the Common Criteria Recognition Arrangement (CCRA) and mutual recognition?

Jul 1, 2018 - The CCRA is an international agreement between CC certificate-producing and certificate-consuming nations to recognise CC certifications for Evaluation Assurance Levels (EAL) 1 through 2. Through AISEP, Australia and New Zealand are joint certificate-producing members of the CCRA. Certificate-consuming nations do not administer a CC scheme but recognise CC certificates issued by certificate-producing nations.…

What is the Common Criteria (CC)?

Jul 1, 2018 - The Common Criteria for Information Technology Security Evaluation is referred to as the CC. It is a standard for evaluating ICT security products against two types of requirements: security functional requirements security assurance requirements. A CC-evaluated ICT security product is certified to meet a list of vendor- claimed security functions and satisfies a level of assurance. The CC also has an International…

What is the Australasian Information Security Evaluation Program (AISEP)?

Jul 1, 2018 - AISEP is Australia and New Zealand's combined Common Criteria (CC) evaluation and certification scheme. The ACSC administers and manages the AISEP policy and Common Criteria evaluations performed in Australia. .