Skip to main content


The ACSC has taken over maintenance of the Evaluated Products List (EPL) from ASD.

The EPL is a list of ICT security products evaluated by ACSC, and previously the ASD, for use in Australian and New Zealand government agencies.

  • Evaluated Products on the EPL may be used to build secure systems and networks as described in the Australian Government Information Security Manual (ISM).
  • Products listed here have undergone one or more of ASD's evaluation programs and are listed according to the highest assurance to which they have been evaluated.
  • Additional products listed on the Common Criteria Portal's Certified Products list are considered Evaluated Products for purposes of the ISM.The Common Criteria Mutual Recognition Arrangement means these products are recognised at the EAL2 level, or against the relevant appropriate Protection Profiles of their evaluation.These products do not need to be dual-listed on the EPL.
  • Users of the EPL should ensure that their intended use of a product is consistent with the documentation provided on the product's EPL (or Common Criteria Portal) entry.


High Assurance Evaluation Program

Oct 17, 2019 - The High Assurance evaluation program involves rigorous analysis and testing to search for any security vulnerabilities in a product.

ASD Cryptographic Evaluation Program

Oct 17, 2019 - The ASD Cryptographic Evaluation (ACE) program analyses products to determine whether their security architecture and cryptographic algorithms have been implemented correctly and are strong enough for the product's intended use.

Evaluated Products List

Oct 3, 2019 - The Evaluated Products List (EPL) is a list of products that have been evaluated via the ASD Cryptographic Evaluation (ACE) program or the High Assurance evaluation program. For a list of products certified via the Australasian Information Security Evaluation Program (AISEP), see the Certified Products List (CPL) on the Common Criteria website.