Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Frequently Asked Questions

What is the AISEP mission statement?

Jul 1, 2018 - AISEP exists to ensure the ready availability of a list of independently- assured ICT security products that meet the needs of Australian and New Zealand government agencies in securing their official resources in accordance with the Information Security Manual (ISM).

What is NZ ISM and how is it related to the EPL?

Jul 1, 2018 - The New Zealand Information Security Manual (NZ ISM) provides policy and guidance for New Zealand government agencies.

What is an Evaluation Assurance Level (EAL)?

Jul 1, 2018 - An Evaluation Assurance Level (EAL) is a number assigned to a Common Criteria (CC) evaluation and certificate. It is being superseded by Protection Profiles.

What is an Australasian Information Security Evaluation Facility (AISEF)?

Jul 1, 2018 - An Australasian Information Security Evaluation Facility (AISEF) is an ACA-approved commercial facility that is licenced to perform AISEP evaluations and has been accredited by the National Association of Testing Authorities (NATA) to conduct CC evaluations.

What is an AISEP Acceptance Package (AAP)?

Jul 1, 2018 - The AAP contains documents prepared by the developer and AISEF, containing the Security Target (ST) and Protection Profile (PP) (if relevant) and proposed timelines for evaluation. The ST is a major component of the AAP and specifies the security requirements of the Target of Evaluation (TOE) to be evaluated against the CC security and assurance requirements.

What is AISEP Assurance Continuity (AAC)?

Jul 1, 2018 - AISEP Assurance Continuity (AAC) is a process that allows an AISEP-certified or CCRA mutually-recognised product to extend their assurance when the product has undergone minor changes. The developer is required to submit a proposal to conduct an AAC maintenance task that contains an Impact Analysis Report (DOC)and a covering letter providing the developers details.

What is a Target of Evaluation (TOE)?

Jul 1, 2018 - The Target of Evaluation (TOE) specifies the components of an ICT product that is being evaluated. CC evaluations require the TOE to be identified through security functions, interfaces and policies. The AISEP Policy Manual provides additional information about the TOE.

What is a consumer guide?

Jul 1, 2018 - Consumer guides are found on the EPL and are for the benefit of Australian Government agencies. We publish a consumer guide for all ICT security products for which we have performed a Cryptographic evaluation and sometimes where we deem clarification of use for Australian Government is necessary. Consumer guides give a brief description of the product, detail the scope of the evaluation and include recommendations for secure cryptographic usage. They also specify the classification of data that the product can be used to protect.

What information and support should vendors provide for an ACSC Cryptographic evaluation?

Jul 1, 2018 - Vendors should provide: a technical and/or engineering contact within the company (preferably located in Australia) to answer questions technical documentation including descriptions of protocols, key management, algorithms and data formats offline access to the full source code.

What do I need to be aware of when using public Wi-Fi?

Jul 1, 2018 - Be careful about what you do online when you're connected to a hotspot or free WiFi. While it's ok to check the news or the weather, avoid sending or receiving valuable or sensitive information when you're connected to public Wi-Fi. These networks are unsecured and it's possible that others can see what you're doing when you use them. Read more about how to stay safe when using public WiFi