Jul 1, 2018 - AISEP exists to ensure the ready availability of a list of independently- assured ICT security products that meet the needs of Australian and New Zealand government agencies in securing their official resources in accordance with the Information Security Manual (ISM).
Jul 1, 2018 - The New Zealand Information Security Manual (NZ ISM) provides policy and guidance for New Zealand government agencies.
Jul 1, 2018 - An Evaluation Assurance Level (EAL) is a number assigned to a Common Criteria (CC) evaluation and certificate. It is being superseded by Protection Profiles.
Jul 1, 2018 - An Australasian Information Security Evaluation Facility (AISEF) is an ACA-approved commercial facility that is licenced to perform AISEP evaluations and has been accredited by the National Association of Testing Authorities (NATA) to conduct CC evaluations.
Jul 1, 2018 - The AAP contains documents prepared by the developer and AISEF, containing the Security Target (ST) and Protection Profile (PP) (if relevant) and proposed timelines for evaluation. The ST is a major component of the AAP and specifies the security requirements of the Target of Evaluation (TOE) to be evaluated against the CC security and assurance requirements.
Jul 1, 2018 - AISEP Assurance Continuity (AAC) is a process that allows an AISEP-certified or CCRA mutually-recognised product to extend their assurance when the product has undergone minor changes. The developer is required to submit a proposal to conduct an AAC maintenance task that contains an Impact Analysis Report (DOC)and a covering letter providing the developers details.
Jul 1, 2018 - The Target of Evaluation (TOE) specifies the components of an ICT product that is being evaluated. CC evaluations require the TOE to be identified through security functions, interfaces and policies. The AISEP Policy Manual provides additional information about the TOE.
Jul 1, 2018 - Consumer guides are found on the EPL and are for the benefit of Australian Government agencies. We publish a consumer guide for all ICT security products for which we have performed a Cryptographic evaluation and sometimes where we deem clarification of use for Australian Government is necessary. Consumer guides give a brief description of the product, detail the scope of the evaluation and include recommendations for secure cryptographic usage. They also specify the classification of data that the product can be used to protect.
Jul 1, 2018 - Vendors should provide: a technical and/or engineering contact within the company (preferably located in Australia) to answer questions technical documentation including descriptions of protocols, key management, algorithms and data formats offline access to the full source code.
Jul 1, 2018 - Be careful about what you do online when you're connected to a hotspot or free WiFi. While it's ok to check the news or the weather, avoid sending or receiving valuable or sensitive information when you're connected to public Wi-Fi. These networks are unsecured and it's possible that others can see what you're doing when you use them. Read more about how to stay safe when using public WiFi