Latest  frequently asked questions

Q: What is the difference between an AISEP evaluation and an AISEP certification?

A: AISEP evaluations are conducted by an AISEF. AISEP certification is performed by us. An AISEP evaluation applies the CC Evaluation Methodology (CEM) against CC assurance requirements. The evaluation aims to produce a standardised and repeatable result that facilitates mutual recognition of … read more

Q: What is the historical EPL and where can I find it?

A: The historical EPL contains certified products that were previously listed on the EPL. These products were removed from the EPL for one or more of the following reasons:  the evaluated product and/or version is no longer available in the original evaluated form  the evaluated product is no longer … read more

Q: What tests are performed during a Cryptographic evaluation?

A: We conduct a combination of open source and in-house tests to ensure the correct implementation of encryption algorithms as well as assessing the quality of the surrounding cryptographic architecture. Depending on the type and technology of ICT security product undergoing evaluation, testing might … read more

Q: When can you begin the Cryptographic evaluation?

A: An ACSC Cryptographic evaluation can only be performed on products which have been certified via a recognised Common Criteria (CC) scheme, in Australia or overseas. The CC Security Target and Certification Report must be published/publicly available before we can begin our evaluation. The evaluation … read more

Q: Which nations participate in the CCRA?

A: Have a look at CCRA participants on the CC Portal. read more

Q: Who is the Australasian Certification Authority (ACA) and what do they do?

A: The Australasian Certification Authority (ACA) is the certifying body in Australia and New Zealand for CC evaluations. The ACA is part of the ACSC and implements the AISEP scheme by setting the standards and monitoring the quality of evaluations conducted by the Australasian Information Security … read more

Q: Who owns the AISEP?

A: The ACSC and New Zealands Government Communications Security Bureau (GCSB) are dual signatories to the AISEP as a Common Criteria (CC) certificate producing scheme. We are the certifying body for both Australia and New Zealand. read more

Q: Why do we have the AISEP?

A: Australian and New Zealand government agencies, as consumers, have a reasonable expectation that information contained in ICT security products and systems are secure. When an independent evaluation is performed on the security functionality of an ICT security product, consumers have greater … read more

Q: Why do you need source code to perform the evaluation?

A: We need to independently review the source code to be confident in the implementation and architecture of the cryptographic security. Providing source code usually expedites the evaluation. read more

Q: Why doesnt the EPL publish all mutually-recognised CC evaluations?

A: Common Criteria Recognition Arrangement (CCRA) participating nations do not duplicate the publication of mutually-recognised certified products on each of their certified products lists (for the AISEP, this is the EPL). In accordance with the CCRA, certificates published on the CC Portal that are … read more