Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Our programs

Information security evaluation

Australasian Information Security Evaluation Program (AISEP)

Jul 10, 2018 - The Australasian Information Security Evaluation Program (AISEP) evaluates and certifies ICT products for use in Australian and New Zealand government agencies to protect official information and communications systems. The results of successful evaluations are published on the Evaluated Products List (EPL) and the internationally-recognised Common Criteria (CC) Portal.

Certification guidance

Jul 1, 2018 - Computer security evaluation is the detailed examination and testing of the security features of an ICT system or product to ensure that they work correctly and effectively and do not show any exploitable vulnerabilities. Process of evaluation There are three stages in the evaluation and certification process:
IT Security

Submitting ICT security products for evaluation

Jul 1, 2018 - If you are an industry consultant or a product developer and would like your product evaluated, use the following checklist: Step 1 Conduct background research on government agency security needs through the Australian Government Information Security Manual (ISM) and/or the NZ ISM
Digital Evaluation

Recommendation for ACSC evaluation

Jul 1, 2018 - You can submit a letter of recommendation for evaluation up to EAL2 where there isnt yet an ACSC-approved Protection Profile for the relevant technology. Submit your evaluation request using this letter of recommendation for evaluation template. The letter of recommendation for evaluation serves three main purposes: It provides a record and helps with tracking. It helps us communicate with you during the evaluation. It provides us with details on how you intend to use the product so we can ensure the scope of evaluation is appropriate.
Feature image - padlock green background

Protection Profiles

Jul 1, 2018 - A Protection Profile is a document that stipulates the security functionality that must be included in a Common Criteria evaluation. Agencies can have confidence that the scope of an evaluation against an ACSC-approved Protection Profile covers the necessary security functionality expected of the evaluated product and known security threats will have been addressed. The evaluation scope also includes the effectiveness and integrity of cryptographic functions.
Feature - OnSecure

Our online portals

Jul 1, 2018 - We provide information through two online portals to enable access and sharing of information about information security matters. One is available to members of our ACSC partnership program. The second, OnSecure, is for Australian Government ICT and cyber security professionals, IRAP assessors, selected vendors.

JCSC locations

Jul 1, 2018 - Joint Cyber Security Centres (JCSC) are rolling out across the country.
Information security evaluation

High assurance evaluations

Jul 1, 2018 - A high assurance evaluation encompasses rigorous analysis and testing to search for any vulnerabilities in a product or system.
3D line chart

Evaluation Assurance Levels (EAL)

Jul 1, 2018 - The Common Criteria have seven assurance levels: from EAL1, the lowest, to EAL7, the highest. At present, only assurance levels up to EAL2 have been incorporated within the international Common Criteria Recognition Arrangement (CCRA). The seven levels are described below. The CCRA is moving away from EAL-based evaluations in favour of Protection Profile evaluations.