Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Common Criteria (CC) evaluation

Applied Intelligence

AISEP service providers: AISEFs

Jun 13, 2019 - An Australasian Information Security Evaluation Facility (AISEF) is a commercial facility we have licenced to perform Australasian Information Security Evaluation Program (AISEP) evaluations, and has been accredited by the National Association of Testing Authorities, Australia (NATA) to conduct Common Criteria (CC) evaluations. You can contact these AISEFs regarding evaluation services:
Information security evaluation

Australasian Information Security Evaluation Program (AISEP)

Jul 10, 2018 - The Australasian Information Security Evaluation Program (AISEP) evaluates and certifies ICT products for use in Australian and New Zealand government agencies to protect official information and communications systems. The results of successful evaluations are published on the Evaluated Products List (EPL) and the internationally-recognised Common Criteria (CC) Portal.
Frequently asked question icon

Why do we have the AISEP?

Jul 1, 2018 - Australian and New Zealand government agencies, as consumers, have a reasonable expectation that information contained in ICT security products and systems are secure. When an independent evaluation is performed on the security functionality of an ICT security product, consumers have greater confidence in using the product. AISEP-certified products aim to meet Australian and New Zealand government business and security needs.
Frequently asked question icon

Who is the Australasian Certification Authority (ACA) and what do they do?

Jul 1, 2018 - The Australasian Certification Authority (ACA) is the certifying body in Australia and New Zealand for CC evaluations. The ACA is part of the ACSC and implements the AISEP scheme by setting the standards and monitoring the quality of evaluations conducted by the Australasian Information Security Evaluation Facilities (AISEF).

What is the Common Criteria Recognition Arrangement (CCRA) and mutual recognition?

Jul 1, 2018 - The CCRA is an international agreement between CC certificate-producing and certificate-consuming nations to recognise CC certifications for Evaluation Assurance Levels (EAL) 1 through 2. Through AISEP, Australia and New Zealand are joint certificate-producing members of the CCRA. Certificate-consuming nations do not administer a CC scheme but recognise CC certificates issued by certificate-producing nations.

What is the Common Criteria (CC)?

Jul 1, 2018 - The Common Criteria for Information Technology Security Evaluation is referred to as the CC. It is a standard for evaluating ICT security products against two types of requirements: security functional requirements security assurance requirements. A CC-evaluated ICT security product is certified to meet a list of vendor- claimed security functions and satisfies a level of assurance. The CC also has an International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) equivalent standard of ISO/IEC 15408.

What is the Australasian Information Security Evaluation Program (AISEP)?

Jul 1, 2018 - AISEP is Australia and New Zealand's combined Common Criteria (CC) evaluation and certification scheme. The ACSC administers and manages the AISEP policy and Common Criteria evaluations performed in Australia.
Feature image - padlock green background

Protection Profiles

Jul 1, 2018 - A Protection Profile is a document that stipulates the security functionality that must be included in a Common Criteria evaluation. Agencies can have confidence that the scope of an evaluation against an ACSC-approved Protection Profile covers the necessary security functionality expected of the evaluated product and known security threats will have been addressed. The evaluation scope also includes the effectiveness and integrity of cryptographic functions.

What is an Evaluation Assurance Level (EAL)?

Jul 1, 2018 - An Evaluation Assurance Level (EAL) is a number assigned to a Common Criteria (CC) evaluation and certificate. It is being superseded by Protection Profiles.

What is an Australasian Information Security Evaluation Facility (AISEF)?

Jul 1, 2018 - An Australasian Information Security Evaluation Facility (AISEF) is an ACA-approved commercial facility that is licenced to perform AISEP evaluations and has been accredited by the National Association of Testing Authorities (NATA) to conduct CC evaluations.