AISEP: Australasian Information Security Evaluation Program
Security of computer systems is as critical as the information they hold. For Australian Government users there are an increasing number of security products available on the market. So, how can a business or a Government agency rely on a product providing the security that is required? How can they be sure the people who built the product thought of all eventualities? Relying on faulty security may be worse than having no security at all.
Information Security Product Evaluation against a recognised criteria provides assurance that a security product will provide the security expected whenever it is required.
The Evaluated Product List (EPL) assists in the selection of products that will provide an appropriate level of information security.
About the AISEP Scheme
Background
The Australian and New Zealand public and private sectors are increasingly reliant on information technologies. The use of computer systems and networks offers many benefits, but there are also risks associated with their use. This is of particular concern to government agencies and organisations that provide critical services.
Users need confidence that products providing security functionality
for their IT systems perform as claimed by the vendor and/or developer.
This confidence is best achieved through an impartial assessment of the
product by an independent entity against clearly identified security claims
using internationally recognised criteria.
.
In June 1994, DSD announced the establishment of the Australian Information
Security Evaluation Program, which essentially outsourced IT security
evaluation activities to licensed commercial evaluation facilities, with
DSD acting as an oversight body. Australia and New Zealand merged their
evaluation and certification capabilities in 1998, and the program was
renamed the Australasian Information Security Evaluation Program (AISEP).
DSD's certification body, the Australasian Certification Authority (ACA)
performs oversight and certification activities for the AISEP. The AISEP
uses the internationally recognised criteria Common Criteria (CC) ISO
15408 and the Information Technology Security Evaluation Criteria (ITSEC).
Purpose
The AISEP mission statement is:
The Australasian Information Security Evaluation Program (AISEP) exists
to ensure the ready availability of a comprehensive list of independently
assured IT products that meet the needs of Australian and New Zealand
government agencies in securing their official resources.
The Program offers IT security vendors the opportunity to benchmark their products against international standards. Successful completion of evaluation provides consumers with a defined level of assurance that a product will meet its stated security objectives (defined in the product's Security Target).
If you would like more information on any aspect of the AISEP, please contact us.