First published: 17 Oct 2019
Last updated: 31 May 2024

Content written for

Large organisations & infrastructure
Government
On this page

The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyber threats. These evaluation activities are certified by the Australian Certification Authority (ACA).

The Common Criteria

Information on what the Common Criteria is, and its guiding documentation, can be obtained from the Common Criteria website.

Certified Products

For a list of products certified via the AISEP, see the Certified Products List (CPL) on the Common Criteria website.

Certificates are withdrawn by the ACA if it is discovered that the products did not meet the criteria for which they were certified. Certificates withdrawn are listed below:

AISEP announcements

  • January 2024
    The ACA has updated its endorsed Protection Profiles and Protection Profiles under consideration lists.
  • October 2022
    The ACA has completed a major revision and update of its AISEP Policy Manual (APM) which governs the operations and management of the AISEP. The revised APM is in-line with current practices and Common Criteria Recognition Arrangement (CCRA) requirements. The latest release of the APM is listed under the ‘AISEP policy and interpretations’ below.
     
  • September 2022
    The ACA has updated its endorsed Protection Profiles list and created a new list of Protection Profiles under consideration by the program.
     
  • September 2021
    The AISEP's program name has changed to 'Australian' from 'Australasian' to better reflect the status of the program that resides in Australia, and as a certificate authorising nation of the CCRA.
     
  • July 2021
    The ACA has endorsed the U.S Government Approved Protection Profile – PP-Module for Intrusion Prevention Systems (IPS) version 1.0 and added this document to the ACA-endorsed PP list below.

AISEP policy and interpretations

Sometimes an interpretation is required from the ACA for content within the AISEP Policy Manual or for product evaluation processes and procedures. The AISEP Policy Manual and current AISEP interpretations are listed below.

Australian Information Security Evaluation Facilities

An Australian Information Security Evaluation Facility (AISEF) is a commercial facility licensed by ASD, and accredited by the National Association of Testing Authorities, Australia (NATA), to conduct evaluations under the AISEP.

DXC Australia

Attention: Luke McMichael
26 Talavera Road
Macquarie Park, NSW 2113
Email: luke.mcmichael@dxc.com
Web: https://www.dxc.technology/security

Teron Labs

Attention: Juan Gonzalez
Unit 3, 10 Geils Court
Deakin ACT 2600
Phone: +61 2 5114 4878
Email: juan@teronlabs.com
Web: https://www.teronlabs.com

The following Australian Information Security Evaluation Facility is licensed to operate under the AISEP pending NATA 17025 accreditation.

Viden Labs

Attention: Anthony Barnes
Unit 63, Level 1, 10 Lonsdale St
Braddon ACT 2612
Email: anthony@viden.com
Web: https://www.viden.com

Securus Consulting Group

Attention: Patrick Campbell-Dunn
Unit 4, 2 Brindabella Cct
Canberra Airport ACT 2609
Phone: +61 2 6189 4920
Email: aisef@securus-cg.com
Web: https://www.securus-cg.com

International partners

The Common Criteria Recognition Arrangement (CCRA) was established in 1998 in order for certification authorities to mutually recognise each other's certified products. Initially the CCRA was comprised of certification authorities from Canada, France, Germany, the United Kingdom and the United States. Australia and New Zealand joined the CCRA in 1999. A list of current participants can be found on the Common Criteria website.

Consumers can be confident that each participant of the CCRA ensures that evaluations are performed to a high and consistent standard. This eliminates the need for duplicating product evaluations within different countries.

Protection Profiles

A Protection Profile (PP) is a document stipulating the security functionality that must be included in a product. Organisations can have confidence that evaluations against PPs will cover the expected security functionality of a given product type and address known cyber threats.

In the past, evaluations were conducted at a specified Evaluation Assurance Level (EAL); however, PPs do not incorporate this scale. A cap of EAL 2 will apply to all EAL-based evaluations where a suitable PP does not yet exist. EAL-based evaluations will not be considered where a suitable PP already exists.

The ACA endorses all collaborative Protection Profiles that are listed on the Common Criteria website. In addition, the below table includes PPs that are also endorsed by the ACA for an evaluation within the AISEP.

TechnologyProtection ProfileVersionPublished
Network and Network-Related Devices and SystemsPP-Module for Virtual Private Network (VPN) Gateways (Mod_VPNGW_v1.3)V1.32023-08-16
Network and Network-Related Devices and SystemsPP-Module for MACsec Ethernet EncryptionV1.02023-03-02
Network and Network-Related Devices and SystemsPP-Module for Intrusion Prevention Systems (Mod_IPS_v1.0)V1.02021-05-11
Network and Network-Related Devices and SystemsExtended Package MACsec Ethernet Encryption (MACSEC EP)V1.22016-05-10

The ACA follows the Transition End Date of NIAP-developed PPs as published on the NIAP’s website. During the transition window, products will be accepted into evaluation against the preceding version of the PP. All product evaluation submitted after the Transition End Date will only be accepted by the ACA for evaluation against the new version of NIAP-approved PP.

The below table includes PPs that are based on technologies that align with the Information Security Manual and are under consideration by the ACA as suitable for an evaluation within the AISEP.

TechnologyProtection ProfileVersionPublished
Application SoftwareProtection Profile for Application softwareV1.42021-10-07
Certificate AuthorityProtection Profile for Certification AuthoritiesV2.12017-12-01
MobilityProtection Profile for Mobile Device FundamentalsV3.32021-04-15
Network EncryptionFunctional Package for TLSV2.02019-02-12
Peripheral SwitchProtection Profile for Peripheral Sharing DeviceV4.02019-07-19
Peripheral SwitchPP-Module for Analog Audio Output DevicesV1.02019-07-19
Peripheral SwitchPP-Module for Audio Input DevicesV1.02019-07-19
Peripheral SwitchPP-Module for Keyboard/Mouse DevicesV1.02019-07-19
Peripheral SwitchPP-Module for User Authentication DevicesV1.02019-07-19
Peripheral SwitchPP-Module for Video/Display DevicesV1.02019-07-19

Other PPs from the National Information Assurance Partnership may be considered on a case-by-case basis.

Purchasing evaluated products

Organisation looking to purchase products should make a decision as to whether they require independent assurance of a product's security features. If so, purchasers should examine the information available on the Certified Products List (such as the Security Target and Certification Report) for any product that they intend to purchase. On request, the ACA may be able to provide draft versions of the Security Target to potential Australian or New Zealand purchasers while the product is still in evaluation.

Of note, products where the vendor has an ongoing assurance continuity program involving discussion of changes with their certification authority (and conducting re-evaluation activities where necessary), or an evaluated flaw remediation process, will provide a much greater level of continuing assurance than those products that don't.

Products in evaluation

The following products are currently in evaluation within the AISEP.

VendorProductAssurance LevelAcceptance DateAISEFTask ID
Hewlett Packard EnterprisesHPE Aruba Orchestrator and EdgeConnectNDcPPv2.2e, PP-Module for VPN Gateways Version 1.3, PP-Module for Stateful Traffic Filter Firewalls, Version 1.413 June 2024Teron LabEFT-T049
Juniper Networks IncJuniper SSR software v6.2.3-14r2 on Juniper SSR120, SSR130, SSR1200, SSR1300, SSR1400 and SSR1500NDcPPv2.2e, PP-Module for VPN Gateways Version 1.3, PP-Module for Stateful Traffic Filter Firewalls, Version 1.413 June 2024Teron LabEFT-T048
Juniper Networks IncJuniper Junos OS 23.4R1 for SRX1600NDcPPv2.2e, PP-Module for VPN Gateways Version 1.3, PP-Module for Stateful Traffic Filter Firewalls, Version 1.4, PP-Module for Intrusion Prevention Systems (IPS), Version 1.08 May 2024Teron LabsEFT-T046
Juniper Networks IncJunos OS Evolved 23.4 for PTX10001-36MRNDcPPv2.2e, PP-Module for MACsec Ethernet Encryption Version: 1.06 May 2024Teron LabsEFT-T045
Juniper Networks IncJunos OS 23.4R1 for MX10004 and MX10008NDcPPv2.2e, PP-Module for MACsec Ethernet Encryption Version: 1.012 Apr 2024Teron LabsEFT-T044
Cogito GroupJellyfish Leviathan CA 1.0CA_PPv2.121 Nov 2023Viden LabsEFT-T002
EndaceProbeEP-92C8-G4, EP-2184-G5 and EP-2144-G5 with Endace OSm v7.2NDcPPv2.2e18 Sep 2023Teron LabsEFT-T043
ZiperaseZiperase Drive Erasure Software v3.0EAL211 May 2023Teron LabsEFT-T042
Juniper Networks IncJuniper SSR Software v6.0.4-11 on Juniper SSR120, SSR130, SSR1200, SSR1300, SSR1400 and SSR1500NDcPPv2.2e, MOD_CPP_FW_V1.4e06 Jan 2023Teron LabsEFT-T036
Juniper Networks IncJunos OS 22.3R1 for MX and EX Series with MPC10ENDcPPv2.2e, MACsec EP V1.228 Nov 2022Teron LabsEFT-T035
Juniper Networks IncJunos OS 22.3R1 for QFX5200-32C, QFX5110-48S, QFX5110-32Q, QFX5120-48T, QFX5120-48Y, QFX5120-32C, QFX5210-64C, QFX5200-48Y and EX4650-48YNDcPPv2.2e01 Nov 2022Teron LabsEFT-T033
Juniper Networks IncJunos OS 22.3R1 for MX204 and ACX5448NDcPPv2.2e28 Nov 2022Teron LabsEFT-T031
Hewlett Packard EnterpriseHPE FlexFabric 5945 and 12900E Switch Series running HPE Comware Software, Version 7.1.070, Release 7624Collaborative Protection Profile for Network Devices Version 2.2e (NDcPPv2.2e)09 Mar 2022Teron LabsEFT-T026

Requesting a product evaluation

To request an EAL-based evaluation, please complete the sponsorship letter. We will work with you and the vendor to understand the evaluation aims, expectations and timeframes. Evaluations against an ACA endorsed PP does not require sponsorship.

Please note, vendors are not able to self-sponsor for AISEP evaluations. Also, while the sponsorship letter indicates consumer’s interest in the product, it does not obligate the purchase of the product by the sponsor after it has been certified.

Sponsorship Letter for AISEP Evaluation

Frequently asked questions

What is an AISEP Acceptance Package?

An AISEP Acceptance Package contains documents prepared by the developer and an Australian Information Security Facility. These include the Security Target and Protection Profile (if relevant) as well as any proposed timelines for the evaluation.

What is AISEP Assurance Continuity?

AISEP Assurance Continuity (AAC) is a process that allows a developer to request the extension of a certified product's assurance. In such cases, the product's developer is required to submit a proposal, known as an AAC maintenance task, to the ACA. This proposal contains an Impact Analysis Report (IAR). The ACA subsequently reviews the IAR to determine if the changes to the product are minor or major. Changes deemed as minor result in a maintenance update to the product's certification while changes deemed as major warrant re-evaluation of the product.

Contact us

If you have any other AISEP-related questions please contact the ACA at aca.certifications@defence.gov.au.

Was this information helpful?

Thanks for your feedback!

Optional

Tell us why this information was helpful and we’ll work on making more pages like it