Jul 10, 2018 - The Australasian Information Security Evaluation Program (AISEP) evaluates and certifies ICT products for use in Australian and New Zealand government agencies to protect official information and communications systems. The results of successful evaluations are published on the Evaluated Products List (EPL) and the internationally-recognised Common Criteria (CC) Portal.
Jul 1, 2018 - Computer security evaluation is the detailed examination and testing of the security features of an ICT system or product to ensure that they work correctly and effectively and do not show any exploitable vulnerabilities. Process of evaluation There are three stages in the evaluation and certification process:
Jul 1, 2018 - If you are an industry consultant or a product developer and would like your product evaluated, use the following checklist: Step 1 Conduct background research on government agency security needs through the Australian Government Information Security Manual (ISM) and/or the NZ ISM
Jul 1, 2018 - You can submit a letter of recommendation for evaluation up to EAL2 where there isnt yet an ACSC-approved Protection Profile for the relevant technology. Submit your evaluation request using this letter of recommendation for evaluation template. The letter of recommendation for evaluation serves three main purposes: It provides a record and helps with tracking. It helps us communicate with you during the evaluation. It provides us with details on how you intend to use the product so we can ensure the scope of evaluation is appropriate.
Jul 1, 2018 - A Protection Profile is a document that stipulates the security functionality that must be included in a Common Criteria evaluation. Agencies can have confidence that the scope of an evaluation against an ACSC-approved Protection Profile covers the necessary security functionality expected of the evaluated product and known security threats will have been addressed. The evaluation scope also includes the effectiveness and integrity of cryptographic functions.
Jul 1, 2018 - We provide information through two online portals to enable access and sharing of information about information security matters. One is available to members of our ACSC partnership program. The second, OnSecure, is for Australian Government ICT and cyber security professionals, IRAP assessors, selected vendors.
Jul 1, 2018 - Joint Cyber Security Centres (JCSC) are rolling out across the country.
Jul 1, 2018 - A high assurance evaluation encompasses rigorous analysis and testing to search for any vulnerabilities in a product or system.
Jul 1, 2018 - The Common Criteria have seven assurance levels: from EAL1, the lowest, to EAL7, the highest. At present, only assurance levels up to EAL2 have been incorporated within the international Common Criteria Recognition Arrangement (CCRA). The seven levels are described below. The CCRA is moving away from EAL-based evaluations in favour of Protection Profile evaluations.