Defence Signals Directorate Reveal their secrets....Protect our own

AISEP: Australasian Information Security Evaluation Program

Australasian Information Security Evaluation Program

Security of computer systems is as critical as the information they hold. For Australian Government users there are an increasing number of security products available on the market. So, how can a business or a Government agency rely on a product providing the security that is required? How can they be sure the people who built the product thought of all eventualities? Relying on faulty security may be worse than having no security at all.

Information Security Product Evaluation against a recognised criteria provides assurance that a security product will provide the security expected whenever it is required.

The Evaluated Product List (EPL) assists in the selection of products that will provide an appropriate level of information security.

About the AISEP Scheme

Background

The Australian and New Zealand public and private sectors are increasingly reliant on information technologies. The use of computer systems and networks offers many benefits, but there are also risks associated with their use. This is of particular concern to government agencies and organisations that provide critical services.

Users need confidence that products providing security functionality for their IT systems perform as claimed by the vendor and/or developer. This confidence is best achieved through an impartial assessment of the product by an independent entity against clearly identified security claims using internationally recognised criteria.
.
In June 1994, DSD announced the establishment of the Australian Information Security Evaluation Program, which essentially outsourced IT security evaluation activities to licensed commercial evaluation facilities, with DSD acting as an oversight body. Australia and New Zealand merged their evaluation and certification capabilities in 1998, and the program was renamed the Australasian Information Security Evaluation Program (AISEP). DSD's certification body, the Australasian Certification Authority (ACA) performs oversight and certification activities for the AISEP. The AISEP uses the internationally recognised criteria Common Criteria (CC) ISO 15408 and the Information Technology Security Evaluation Criteria (ITSEC).

Purpose

The AISEP mission statement is:
The Australasian Information Security Evaluation Program (AISEP) exists to ensure the ready availability of a comprehensive list of independently assured IT products that meet the needs of Australian and New Zealand government agencies in securing their official resources.

The Program offers IT security vendors the opportunity to benchmark their products against international standards. Successful completion of evaluation provides consumers with a defined level of assurance that a product will meet its stated security objectives (defined in the product's Security Target).

If you would like more information on any aspect of the AISEP, please contact us.