Jul 1, 2018 - The New Zealand Information Security Manual (NZ ISM) provides policy and guidance for New Zealand government agencies. .
Jul 1, 2018 - An Evaluation Assurance Level (EAL) is a number assigned to a Common Criteria (CC) evaluation and certificate. It is being superseded by Protection Profiles. .
Jul 1, 2018 - An Australasian Information Security Evaluation Facility (AISEF) is an ACA-approved commercial facility that is licenced to perform AISEP evaluations and has been accredited by the National Association of Testing Authorities (NATA) to conduct CC evaluations. .
Jul 1, 2018 - The AAP contains documents prepared by the developer and AISEF, containing the Security Target (ST) and Protection Profile (PP) (if relevant) and proposed timelines for evaluation. The ST is a major component of the AAP and specifies the security requirements of the Target of Evaluation (TOE) to be evaluated against the CC security and assurance requirements. A Protection Profile (PP) is an implementation-independent…
Jul 1, 2018 - AISEP Assurance Continuity (AAC) is a process that allows an AISEP-certified or CCRA mutually-recognised product to extend their assurance when the product has undergone minor changes. The developer is required to submit a proposal to conduct an AAC maintenance task that contains an Impact Analysis Report (DOC)and a covering letter providing the developers details. We will review the IAR to determine if the changes are…
Jul 1, 2018 - The Target of Evaluation (TOE) specifies the components of an ICT product that is being evaluated. CC evaluations require the TOE to be identified through security functions, interfaces and policies. The AISEP Policy Manual provides additional information about the TOE. ICT product developers may consult with an AISEF to gain a greater understanding of TOE definition for product evaluation. .
Jul 1, 2018 - Consumer guides are found on the EPL and are for the benefit of Australian Government agencies. We publish a consumer guide for all ICT security products for which we have performed a Cryptographic evaluation and sometimes where we deem clarification of use for Australian Government is necessary. Consumer guides give a brief description of the product, detail the scope of the evaluation and include recommendations for…
Jul 1, 2018 - Vendors should provide: a technical and/or engineering contact within the company (preferably located in Australia) to answer questions technical documentation including descriptions of protocols, key management, algorithms and data formats offline access to the full source code. .
Jul 1, 2018 - Be careful about what you do online when you're connected to a hotspot or free WiFi. While it's ok to check the news or the weather, avoid sending or receiving valuable or sensitive information when you're connected to public Wi-Fi. These networks are unsecured and it's possible that others can see what you're doing when you use them. Read more about how to stay safe when using public WiFi .
Jul 1, 2018 - An Australian Government agency must request that we conduct a Cryptographic evaluation of an ICT security product, through our recommendation process. .