The Common Criteria Portal [opens new window] lists all certified products which have been automatically recognised by the AISEP under the Common Criteria Recognition Arrangement (CCRA).

All products listed on DSD's website, the Common Criteria Portal, and CESG's website, are considered to be included on DSD's EPL. Products evaluated under the Common Criteria are recognised through the CCRA, an international agreement to recognise product evaluations performed by other certificate-producing countries. CESG's ITSEC evaluations are recognised through a Memorandum of Understanding with the United Kingdom. Only ITSEC evaluations performed under the UK evaluation scheme are eligible for recognition in the AISEP.

While these international certifications are recognised by the AISEP, most of the products have not been reviewed by DSD. A DSD review results in a cryptographic evaluation where relevant, and a Consumer Guide summarising appropriate use of the product for the Australian Government. Where multiple products meet an agency's functional needs, Australian Government agencies are required to give preference to products that have been reviewed by DSD. (See ACSI 33 for further information on product selection.)

Agencies wishing to use an overseas CC or UK ITSEC certified product are encouraged to sponsor the product into a DSD review. The sponsorship letter must be on agency letterhead and signed by a senior agency staff member. The sponsorship letter should contain similar wording to that shown below. This text may be copied and the necessary information inserted.

 

Example Sponsor Letter:
_____

Senior Manager, Evaluation and Industry Liaison
Information Security Group
Locked Bag 5076
Kingston ACT 2604

(Insert agency name) request the DSD to write a consumer guide and where appropriate perform a cryptographic evaluation for (insert product name) for Australian Government use.

The product has been certified in (insert country in which the product has been evaluated) at the (insert assurance level of evaluated product). For your convenience here is the hyperlink to the product's evaluation certificate, the Security Target and the Validation Report: (insert hyperlink).

Select the appropriate sentence:

1. (Insert agency name) is already using the product.

OR

2. The product has not been acquired, however (insert agency name) is investigating its potential to [address (insert security challenge) | enhance and/or maintain ACSI33 compliance for (insert compliance concern)]. The contact officer for this potential acquisition is (insert agency contact name).

Note:
To enable the DSD cryptographic assessment to progress smoothly, please supply the product developer's contact details.

If you are seeking a certified product that has not yet been added to the Common Criteria Portal site, please check the sites of the individual CCRA schemes.

For a full list of CCRA certified products, please go to the Common Criteria Portal (opens new window).