Australasian Information Security Evaluation Program (AISEP)

The Australasian Information Security Evaluation Program (AISEP) evaluates and certifies ICT products for use in Australian and New Zealand government agencies to protect official information and communications systems. The results of successful evaluations are published on the Evaluated Products List (EPL) and the internationally-recognised Common Criteria (CC) Portal.

What the AISEP provides

The AISEP provides the framework for licensed commercial evaluation facilities, called Australasian Information Security Evaluation Facilities (AISEFs), to conduct security evaluations of IT products and systems. We oversee AISEP product testing by licensed commercial evaluation facilities.

We certify the results of the evaluation tasks performed under the program and publish the results on the EPL.

How to get a product evaluated

All evaluations must be recommended by an Australian or New Zealand government agency in accordance with the recommendation process.

Advice on requesting an ACSC evaluation is also available for developers and distributors of ICT products.

AISEP interpretations

Sometimes AISEP stakeholders need additional interpretation or clarification about our accepted IT security evaluation criteria or AISEP publications. This process is called an AISEP request for interpretation. Further detail is provided in the AISEP Policy Manual (PDF). Our current interpretations are:

Common Criteria documentation

The Common Criteria Recognition Arrangement (CCRA) is an international agreement of information security evaluation programs to mutually recognise certified products on each of their certified products lists

The guiding documentation for the CCRA is: