Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Frequently Asked Questions

Does obtaining FIPS-140 accreditation mean that the ICT product does not need to go through an ACSC Cryptographic evaluation?

Jul 1, 2018 - No. In accordance with the ISM, FIPS-140 accreditation does not replace an ACSC Cryptographic evaluation. However, providing all relevant FIPS accreditation documentation may assist the process.

Do you charge for Cryptographic evaluations?

Jul 1, 2018 - No. We do not charge evaluation fees for conducting a Cryptographic evaluation or producing a consumer guide. However, the vendor is responsible for arranging delivery of the information, software and/or hardware to us (if secure electronic means is not a viable option) and providing any licences we need to conduct the evaluation.

Do vendors need a non-disclosure agreement (NDA) in place with the Cryptographic evaluation starts?

Jul 1, 2018 - No. If requested, we can negotiate an NDA with the vendor. This can be a lengthy process that will postpone the start of the Cryptographic evaluation. To reduce delays, we have a standard NDA template, which is available upon request.

Are there policies explaining the AISEP framework for CC evaluations?

Jul 1, 2018 - We administer the regulations for conducting Common Criteria (CC) evaluations. You can find more detail in the AISEP Policy Manual