Latest frequently asked questions

Q: What is NZ ISM and how is it related to the EPL?

A: The New Zealand Information Security Manual (NZ ISM) provides policy and guidance for New Zealand government agencies.

Q: What is a Target of Evaluation (TOE)?

A: The Target of Evaluation (TOE) specifies the components of an ICT product that is being evaluated. CC evaluations require the TOE to be identified through security functions, interfaces and policies. The AISEP Policy Manual provides additional information about the TOE. ICT product developers may …

Q: What is a consumer guide?

A: Consumer guides are found on the EPL and are for the benefit of Australian Government agencies. We publish a consumer guide for all ICT security products for which we have performed a Cryptographic evaluation and sometimes where we deem clarification of use for Australian Government is necessary. …

Q: What is an AISEP Acceptance Package (AAP)?

A: The AAP contains documents prepared by the developer and AISEF, containing the Security Target (ST) and Protection Profile (PP) (if relevant) and proposed timelines for evaluation. The ST is a major component of the AAP and specifies the security requirements of the Target of Evaluation (TOE) to be …

Q: What is an Australasian Information Security Evaluation Facility (AISEF)?

A: An Australasian Information Security Evaluation Facility (AISEF) is an ACA-approved commercial facility that is licenced to perform AISEP evaluations and has been accredited by the National Association of Testing Authorities (NATA) to conduct CC evaluations.

Q: What is an Evaluation Assurance Level (EAL)?

A: An Evaluation Assurance Level (EAL) is a number assigned to a Common Criteria (CC) evaluation and certificate. It is being superseded by Protection Profiles.

Q: What is the AISEP mission statement?

A: AISEP exists to ensure the ready availability of a list of independently-assured ICT security products that meet the needs of Australian and New Zealand government agencies in securing their official resources in accordance with the Information Security Manual (ISM).

Q: What is the Australasian Information Security Evaluation Program (AISEP)?

A: AISEP is Australia and New Zealand’s combined Common Criteria (CC) evaluation and certification scheme. The ACSC administers and manages the AISEP policy and Common Criteria evaluations performed in Australia.

Q: What is the Common Criteria (CC)?

A: The Common Criteria for Information Technology Security Evaluation is referred to as the CC. It is a standard for evaluating ICT security products against two types of requirements: security functional requirements and security assurance requirements. A CC-evaluated ICT security product is certified …

Q: What is the Common Criteria Recognition Arrangement (CCRA) and mutual recognition?

A: The CCRA is an international agreement between CC certificate-producing and certificate-consuming nations to recognise CC certifications for Evaluation Assurance Levels (EAL) 1 through 2. Through AISEP, Australia and New Zealand are joint certificate-producing members of the CCRA. …

Q: What is the EPL and where can I find it?

A: The Evaluated Products List (EPL) serves two purposes. It fulfils the AISEP’s requirement of the CCRA to publish a list of AISEP-certified products. It provides a comprehensive list of ACSC-evaluated ICT security products that meet the needs of Australian and New Zealand government agencies in …

Q: What is the ISM and how is it related to the EPL?

A: The Australian Government Information Security Manual (ISM) provides policies and guidance on security controls to Australian Government agencies on how to protect their ICT systems. It provides guidance on selecting ICT security products from the EPL.