Q:When can you begin the Cryptographic evaluation?
An ACSC Cryptographic evaluation can only be performed on products which have been certified via a recognised Common Criteria (CC) scheme, in Australia or overseas. The CC Security Target and Certification Report must be published/publicly available before we can begin our evaluation. The evaluation start date is also subject to information provided by the vendor.
For products undergoing CC evaluation in the AISEP, when we start the Cryptographic evaluation will depend on when information is provided and the ICT product itself (hardware vs software). The letter of recommendation for evaluation also determines the priority of the evaluation.
We will advise vendors when we are starting the Cryptographic evaluation.
We encourage vendors to be proactive in seeking advice and to cooperate by providing information to facilitate our evaluation process.