Defence Signals Directorate Reveal their secrets....Protect our own

AISEP: Australasian Information Security Evaluation Program

The AISEP is the Common Criteria (CC) evaluation scheme implemented by Australia and New Zealand to evaluate and certify Information Technology (IT) products and systems. The results of successful evaluations are published on the Defence Signals Directorate (DSD) Evaluated Product List (EPL) and the internationally recognised CC Portal.

About the AISEP Scheme

Background

In June 1994, Defence Signals Directorate (DSD) announced the establishment of the Australian Information Security Evaluation Programme. Initially, evaluations in Australia were undertaken solely in accordance with the European Information Technology Security Evaluation Criteria (ITSEC) standard. The ITSEC has been replaced by the internationally recognised CC,as the sole IT security evaluation criteria for the program. Australia and New Zealand merged their evaluation and certification capabilities in 1998, the same year that the AISEP began adopting the CC ISO 15408 as the approved IT security evaluation criteria, and the program was renamed the Australasian Information Security Evaluation Program (AISEP). DSD's certification body, the Australasian Certification Authority (ACA) performs oversight and certification activities for the AISEP and resides within DSD.

Purpose

The purpose of the AISEP is to ensure the ready availability of a comprehensive list of independently assured IT products and systems that meet the needs of Australian and New Zealand Government departments and agencies in protecting their official communication and information systems.

Security of computer systems is as critical as the information they hold. There are an increasing number of security products available on the market for Australian and New Zealand Government users. So, how can a government agency rely on a product to provide the security that is required? How can a government agency be sure the product developer thought of all eventualities? Relying on faulty security may be worse than having no security at all. An information security product evaluation, carried out using internationally recognised IT security evaluation criteria, provides assurance that the product will perform as claimed by the developer.

The AISEP provides the framework for licensed commercial evaluation facilities, called Australasian Information Security Evaluation Facilities (AISEFs), to conduct the security evaluation of IT products and systems. DSD, the Australian national authority on information security matters, certifies the results of the evaluation tasks performed under the program and publishes the results on the EPL.