Submitting ICT security products for evaluation
If you are an industry consultant or a product developer and would like your product evaluated, use the following checklist:
Conduct background research on government agency security needs through the Australian Government Information Security Manual (ISM) and/or the NZ ISM
For an AISEP evaluation, refer to the AISEP publications to understand the management and operations of the AISEP.
Contact Australian and/or New Zealand government agencies to gauge their interest in using and recommending your product for evaluation. You are not limited to one letter of recommendation per evaluation; additional recommendations can increase evaluation priority.
Your product will only be considered if its use presents a benefit to Australian and New Zealand government agencies.
All evaluations must be recommended by an Australian or New Zealand government agency in accordance with the recommendation process.
Arrange for an Australian or New Zealand government agency to write a letter of recommendation for evaluation and contact us to advise of your involvement in the evaluation request, indicating that you are the product developer.
Note: AISEP evaluation entry requirements differ from our Cryptographic evaluations and High assurance evaluations. The letter template for use by the government agency provides details.
If you are a product developer seeking an AISEP evaluation, contact as many Australasian Information Security Evaluation Facilities (AISEFs) as you want to discuss the costs, time frames and advice on potential AISEP evaluation.
For an AISEP evaluation, when you are prepared to accept the responsibilities, costs and time commitment of an AISEP evaluation, engage an AISEF to prepare the AISEP Acceptance Package (AAP) deliverables for submission to us.
We will send the recommending government agency, and AISEF if applicable, a letter to show formal acceptance of the product into evaluation and the EPL will be updated to show the product as In evaluation.