Frequently Asked Questions

What is NZ ISM and how is it related to the EPL?

Jul 1, 2018 - The New Zealand Information Security Manual (NZ ISM) provides policy and guidance for New Zealand government agencies.

What is an Evaluation Assurance Level (EAL)?

Jul 1, 2018 - An Evaluation Assurance Level (EAL) is a number assigned to a Common Criteria (CC) evaluation and certificate. It is being superseded by Protection Profiles.

What is an Australasian Information Security Evaluation Facility (AISEF)?

Jul 1, 2018 - An Australasian Information Security Evaluation Facility (AISEF) is an ACA-approved commercial facility that is licensed to perform AISEP evaluations and has been accredited by the National Association of Testing Authorities (NATA) to conduct CC evaluations.

What is an AISEP Acceptance Package (AAP)?

Jul 1, 2018 - The AAP contains documents prepared by the developer and AISEF, containing the Security Target (ST) and Protection Profile (PP) (if relevant) and proposed timelines for evaluation. The ST is a major component of the AAP and specifies the security requirements of the Target of Evaluation (TOE) to be evaluated against the CC security and assurance requirements. A Protection Profile (PP) is an implementation-independent…

What is AISEP Assurance Continuity (AAC)?

Jul 1, 2018 - AISEP Assurance Continuity (AAC) is a process that allows an AISEP-certified or CCRA mutually-recognised product to extend its assurance when the product has undergone minor changes. The developer is required to submit a proposal to conduct an AAC maintenance task that contains an Impact Analysis Report (DOC) and a covering letter providing the developer's details. We will review the IAR to determine if the changes are…

What is a Target of Evaluation (TOE)?

Jul 1, 2018 - The Target of Evaluation (TOE) specifies the components of an ICT product that are being evaluated. CC evaluations require the TOE to be identified through security functions, interfaces and policies. The AISEP Policy Manual provides additional information about the TOE. ICT product developers may consult with an AISEF to gain a greater understanding of TOE definition for product evaluation.

What is a consumer guide?

Jul 1, 2018 - Consumer guides are found on the EPL and are for the benefit of Australian Government agencies. We publish a consumer guide for all ICT security products for which we have performed a Cryptographic evaluation and sometimes where we deem clarification of use for Australian Government is necessary. Consumer guides give a brief description of the product, detail the scope of the evaluation and include recommendations for…

What information and support should vendors provide for an ACSC Cryptographic evaluation?

Jul 1, 2018 - Vendors should provide: a technical and/or engineering contact within the company (preferably located in Australia) to answer questions; technical documentation including descriptions of protocols, key management, algorithms and data formats; and offline access to the full source code.

What do I need to be aware of when using public Wi-Fi?

Jul 1, 2018 - Be careful about what you do online when you're connected to a hotspot or free Wi-Fi. While it's OK to check the news or the weather, avoid sending or receiving valuable or sensitive information when you're connected to public Wi-Fi. These networks are unsecured and it's possible that others can see what you're doing when you use them. Read more about how to stay safe when using public Wi-Fi.

If a vendor's ICT security product has been evaluated under a Common Criteria scheme other than the AISEP, how do I have it listed on the EPL?

Jul 1, 2018 - An Australian Government agency must request that we conduct a Cryptographic evaluation of an ICT security product, through our recommendation process.