Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Frequently Asked Questions

Does obtaining FIPS-140 accreditation mean that the ICT product does not need to go through an ACSC Cryptographic evaluation?

Jul 1, 2018 - No. In accordance with the ISM, FIPS-140 accreditation does not replace an ACSC Cryptographic evaluation. However, providing all relevant FIPS accreditation documentation may assist the process. .

Do you charge for Cryptographic evaluations?

Jul 1, 2018 - No. We do not charge evaluation fees for conducting a Cryptographic evaluation or producing a consumer guide. However, the vendor is responsible for arranging delivery of the information, software and/or hardware to us (if secure electronic means is not a viable option) and providing any licences we need to conduct the evaluation. .

Do vendors need a non-disclosure agreement (NDA) in place with the Cryptographic evaluation starts?

Jul 1, 2018 - No. If requested, we can negotiate an NDA with the vendor. This can be a lengthy process that will postpone the start of the Cryptographic evaluation. To reduce delays, we have a standard NDA template, which is available upon request. .

Are there policies explaining the AISEP framework for CC evaluations?

Jul 1, 2018 - We administer the regulations for conducting Common Criteria (CC) evaluations. You can find more detail in the AISEP Policy Manual .
Cisco logo

Exploitation of Critical Cisco ASA Vulnerability

Feb 10, 2018 - The ACSC has become aware of a change in the threat situation surrounding the recently announced Cisco ASA critical remote code execution vulnerability. Proof of concept code is now available which results in a denial of service condition on targeted vulnerable devices. Cisco first released a security advisory on 29 January detailing the vulnerability and affected devices but has since identified additional attack…
Intel Meltdown and Spectre images

Update on processor vulnerabilities (Meltdown/Spectre)

Jan 29, 2018 - Intel has confirmed that the microcode updates designed to mitigate Spectre variant 2 (CVE-2017-5715: Branch Target Injection) have introduced an increased risk of system instability, data loss and corruption. Intel has released an advisory recommending that users cease deployment of the current microcode update (Root Cause of Reboot Issue Identified). . 11 January 2018 The ACSC is aware of…