About the AISEP

The Australasian Information Security Evaluation Program (AISEP) is the Common Criteria (CC) evaluation scheme implemented by Australia and New Zealand to evaluate and certify ICT (information and communications technology) products and systems.

The results of successful evaluations are published on the Australian Signals Directorate (ASD) Evaluated Products List (EPL) and the internationally-recognised CC Portal.

Purpose

The purpose of the AISEP is to ensure the ready availability of a comprehensive list of independently-assured ICT products and systems that meet the needs of Australian and New Zealand government agencies in protecting their official information and communications systems.

Security of computer systems is as critical as the information they hold. There are an increasing number of security products available on the market for Australian and New Zealand government users. So, how can a government agency rely on a product to provide the security that is required? How can a government agency be sure the product developer thought of all eventualities? Relying on faulty security may be worse than having no security at all. An information security product evaluation, carried out using internationally-recognised IT security evaluation criteria, provides assurance that the product will perform as claimed by the developer.

The AISEP provides the framework for licensed commercial evaluation facilities, called Australasian Information Security Evaluation Facilities (AISEFs), to conduct the security evaluation of IT products and systems. The Australian Signals Directorate (ASD), the Australian national authority on information security, certifies the results of the evaluation tasks performed under the program and publishes the results on the EPL.

Background

In June 1994, DSD announced the establishment of the Australian Information Security Evaluation Program.

Initially, evaluations in Australia were undertaken solely in accordance with the European Information Technology Security Evaluation Criteria (ITSEC) standard. The ITSEC has been replaced by the internationally-recognised CC as the sole IT security evaluation criteria for the program.

Australia and New Zealand merged their evaluation and certification capabilities in 1998, the same year that the AISEP began adopting CC ISO 15408 as the approved IT security evaluation criteria, and the program was renamed the Australasian Information Security Evaluation Program.

DSD was renamed the Australian Signals Directorate (ASD) in 2013.

ASD's certification body, the Australasian Certification Authority (ACA), performs oversight and certification activities for the AISEP and resides within ASD.