Sorry, you need to enable JavaScript to visit this website.
Skip to main content

EPL

Evaluated Products List

The Australian Signals Directorate (ASD) maintains the Evaluated Products List (EPL) of ICT security products evaluated by ASD for use in Australian and New Zealand government agencies.

  • Products on the EPL are certified for specific purposes.
  • Products on the EPL may be used to build secure systems and networks as described in the Australian Government Information Security Manual (ISM).
  • Products are certified against the internationally-recognised ISO 15408 Common Criteria (CC). The CC Portal lists other products with mutually-recognised certification that may also be used.
  • ASD’s certification office, the Australasian Certification Authority, oversees the Australasian Information Security Evaluation Program (AISEP) that administers product testing by licensed commercial evaluation facilities.
  • The EPL also lists ASD’s Cryptographic Evaluations.

 

Digital Evaluation

Government requests for evaluation of an ICT product

Aug 14, 2018 - Australian and New Zealand government agencies can ask us to evaluate an ICT product (hardware or software) for evaluation up to EAL2 where we haven't yet approved a Protection Profile for the relevant technology. To request an evaluation, fill out the following template and email it to us at asd.assist@defence.gov.au..
Six step process

Industry requests for an evaluation of an ICT product

Aug 14, 2018 - Only Australian and New Zealand government agencies can ask us to evaluate an ICT product. If you are an industry consultant or a product developer and your product evaluated, use the checklist listed here. . Step 1 Research the types of evaluations we offer. Step 2 Research government agency security needs through the Australian Government Information Security Manual (ISM) and/or the NZ ISM For…
Evaluation

ICT product security evaluations

Jul 10, 2018 - We undertake formal independent assessment of ICT security products (both hardware and software) to make sure they meet our standards. . What our evaluations provide Our Evaluated Products List (EPL) provides a list of ICT products that we have assessed so you can be confident will perform the way the vendor claims. We perform the following types of evaluations: Australasian Information…
Information security evaluation

Australasian Information Security Evaluation Program (AISEP)

Jul 10, 2018 - The Australasian Information Security Evaluation Program (AISEP) evaluates and certifies ICT products for use in Australian and New Zealand government agencies to protect official information and communications systems. The results of successful evaluations are published on the Evaluated Products List (EPL) and the internationally-recognised Common Criteria (CC) Portal. . What the AISEP provides…
Frequently asked question icon

Why doesnt the EPL publish all mutually-recognised CC evaluations?

Jul 1, 2018 - Common Criteria Recognition Arrangement (CCRA) participating nations do not duplicate the publication of mutually-recognised certified products on each of their certified products lists (for the AISEP, this is the EPL). In accordance with the CCRA, certificates published on the CC Portal that are EAL 1 through 2 are instantly mutually recognised by Australia and New Zealand and, therefore, the Evaluated Products List (…

What is the ISM and how is it related to the EPL?

Jul 1, 2018 - The Australian Government Information Security Manual (ISM) provides policies and guidance on security controls to Australian Government agencies on how to protect their ICT systems. It provides guidance on selecting ICT security products from the EPL. .

What is the historical EPL and where can I find it?

Jul 1, 2018 - The historical EPL contains certified products that were previously listed on the EPL. .

What is the EPL and where can I find it?

Jul 1, 2018 - The Evaluated Products List (EPL) serves two purposes: It fulfils the AISEP's requirement of the CCRA to publish a list of AISEP-certified products It provides a comprehensive list of ACSC-evaluated ICT security products that meet the needs of Australian and New Zealand government agencies in securing official resources in accordance with the Information Security Manual (ISM). The EPL publishes:.
IT Security

Submitting ICT security products for evaluation

Jul 1, 2018 - If you are an industry consultant or a product developer and would like your product evaluated, use the following checklist: Step 1 Conduct background research on government agency security needs through the Australian Government Information Security Manual (ISM) and/or the NZ ISM For an AISEP evaluation, refer to the AISEP publications to understand the management and operations of the AISEP. Step 2 Contact Australian…
Digital Evaluation

Recommendation for ACSC evaluation

Jul 1, 2018 - You can submit a letter of recommendation for evaluation up to EAL2 where there isnt yet an ACSC-approved Protection Profile for the relevant technology. Submit your evaluation request using this letter of recommendation for evaluation template. The letter of recommendation for evaluation serves three main purposes: It provides a record and helps with tracking. It helps us communicate with you during the evaluation. It…