Historical Evaluated Products List
Introduction
The historical EPL contains listings for products that have been evaluated that may no longer be available in the original evaluated form, are no longer supportable, or the environment that they are designed to operate in has changed. Customers considering the use of a product on the historical EPL must contact DSD to verify whether the product will meet their security needs. Products transitioning to the historical EPL will remain listed on the EPL for at least twelve months before being removed, except where a product is no longer able to support Australian Government policy.
Customers Note
A product which has been withdrawn from the EPL is no longer considered to meet the assurance criteria for its claimed security features for Australian government consumers. This makes the product unable to fulfill its security objectives. Users of products that have been withdrawn from the EPL should consider changing to other evaluated products to meet their security needs. DSD can be consulted in order to determine what alternative products exist on the EPL.
Network Security Products
Firewalls
Products in this sub-section are generically termed firewalls and may provide a variety of functionality such as packet filtering, network address translation, application proxies, virtual private networks and remote firewall management.
The following products have been evaluated under the Australasian Information Security Evaluation Program (AISEP) against the ITSEC or the Common Criteria.
The historical EPL contains listings for products that have been evaluated that may no longer be available in the original evaluated form, are no longer supportable or the environment that they are designed to operate in has changed. Customers considering the use of a product on the historical EPL must contact DSD to verify whether the product will meet their security needs. Products transitioning to the historical EPL will remain listed on the EPL for at least twelve months before being removed, except where a product is no longer able to support Australian Government policy.
|
Version: 4.1.1 |
 |
||||
Product Type: Network Security Products - Virtual Private Network Certificate Details: Certificate 2000/15, October 2000 Assurance Level: CC EAL1 Evaluation Facility: CSC Australia [opens new window] Manufacturer: KyberPASS Corporation Australian Reseller: Information Sources Australia Pty Ltd
|
KyberPASS Secure-Session VPN is a middleware client/server software product that uses a PKI to provide the following network security services:
|
SunScreen SPF-100G Version: 1.0 |
 |
|---|---|
Product Type: Network Security - Firewalls Status: Certificate 96/01, December 1996No Longer Available Assurance Level: ITSEC E1 Evaluation Facility: CSC Australia (opens new window) Manufacturer: Sun Microsystems Dealer: Sun Microsystems Australia (opens new window) |
The SunScreen SPF-100G is a network security system which provides firewall services. It may be used to protect a private network from unauthorised Internet access or for screening off part of an internal network from other parts of that network. It uses stateful, dynamic packet screening and rules based technology to filter at the packet level while retaining application level intelligence. The rule sets are completely customisable. An Administration Station enables the management of SunScreen safely and securely within a network through a protected communications channel. A GUI is supplied and one Administration Station can manage any number of SunScreen units. NOTE: This certificate refers only to the SPF-100G version of the product. |
|
Version: 3.0 (Build 150) |
 |
|---|---|
Product Type: Network Security - Firewalls Status: Certified 8 January 1999 USA Scheme Assurance Level: CC EAL2 Evaluation Facility: CSC (opens new window) Distributor: Lucent Technologies
Please Note: The Certification Report for this product is currently unavailable. For further information please contact the AISEP. |
The purpose of the Lucent Managed Firewall is to provide controlled and audited access to specific Internet Protocol (IP) services, both from inside and outside an organisation's network, by allowing, denying and/or redirecting the flow of data through the firewall. The Lucent Managed Firewall selectively routes information flows among internal and external networks according to a site's security policy rules. By default, these security policy rules deny all inbound information flows. Only an authorised administrator has the authority to change the security policy rules. The Lucent Managed Firewall has the ability to make filtering decisions based on the source IP address, destination IP address, transport layer protocol, source port, destination port, and on the interface on which the packet arrives or goes out. The Lucent Managed Firewall architecture consists of two physically distinct components: the firewall appliance, which controls the flow of traffic between network interfaces; and the Security Management Server, which allows the System Administrator and Zone Administrators to manage the firewall appliance. the firewall functions is physically separated from its management server, with the firewall code running on Inferno(™), a Bell Labs-developed operating system. The evaluated Lucent Managed Firewall Security Management Server runs on the Windows NT(™) platform. A non-evaluated version of the Security Management Server is available for the Sun Solaris operating system. |
|
Version: 4.0 (Build 199) |
|
|---|---|
Product Type: Network Security - Firewalls Status: Certified February 2000 USA Scheme Assurance Level: CC EAL2 Evaluation Facility: CSC Australia (opens new window) Distributor: Lucent Technologies
Please Note: The Certification Report for this product is currently unavailable. For further information please contact the AISEP. |
The purpose of the Lucent Managed Firewall is to provide controlled and audited access to specific Internet Protocol (IP) services, both from inside and outside an organization's network, by allowing, denying, and/or redirecting the flow of data through the firewall. The Lucent Managed Firewall selectively routes information flows among internal and external networks according to a site's security policy rules. By default, these security policy rules deny all inbound information flows. Only an authorized administrator has the authority to change the security policy rules. The Lucent Managed Firewall has the ability to make filtering decisions based on the source IP address, destination IP address, transport layer protocol, source port, destination port, and on the interface on which the packet arrives or goes out. The Lucent Managed Firewall architecture consists of two physically distinct components: the firewall appliance, which controls the flow of traffic between network interfaces; and the Security Management Server, which allows the System Administrators and Zone Administrators to manage the firewall appliance. The firewall function is physically separated from its management server, with the firewall code running on Inferno(™), a Bell Labs-developed operating system. The evaluated Lucent Managed Firewall Security Management Server runs on the Windows NT(™) platform. A non-evaluated version of the Security Management Server is available for the Sun Solaris Operating System. |
|
Version: 4.0 (SP 5) |
 |
||||
|---|---|---|---|---|---|
Product Type: Networking Status: Certified 29 October 1999 USA Scheme Assurance Level:CC EAL2 Evaluation Facility: CSC Australia (opens new window) Distributor: Check Point Software Technologies, Inc.
|
The evaluated Check Point Firewall-1 Version 4.0 is referred to as the Target of Evaluation (TOE). The TOE configuration consists of one physical component executing:
The Firewall-1 is a firewall employing a hybrid application-level gateway and packet filtering called Stateful Multilayer Inspection. The technology utilises packet filtering's performance and scalability and the security of an application gateway. As an Application-level Firewall, the Firewall-1 mediates flows between clients and servers located on internal and external networks governed by the firewall. An application-level firewall may employ security servers to screen information flows. Security servers on the Firewall-1 for FTP and Telnet, require authentication at the firewall by client users before requests for such services can be authorised. Only valid requests are relayed to the actual server on either an internal or external network. As a Traffic-filter Firewall, the Firewall-1 selectively routes information flows between an internal and an external network according to a site's security policy rules, the default policy being deny all. Only an authorised administrator has the authority to change the security policy rules. Traffic filtering decisions are made on the source address, destination address, transport level protocol, source port, destination port, and are based on the interface on which the packet arrives or goes out. The Firewall-1 Inspection Engine applies full application-level security but doesn't permit packets to reach full application level security but doesn't permit packets to reach the operating system of the machine the firewall sites on. Additionally, the firewall imposes traffic-filtering controls on information flows mediated by the firewall. |
|
2in1 PC(T) Version: 1.21 |
|
||||
|---|---|---|---|---|---|
|
Product Type: Network Security - Trusted Network Separation Status: Certified 21 June 1999 USA Scheme Assurance Level: CC EAL2 Evaluation Facility: COACT, Inc., CAFE Lab Distributor: Voltaire Advanced Data Security Vendor Contact: Gary D. Markin
|
The 2in1 PC is a hardware based security device developed by Voltaire Advanced Data Security. The 2in1 PC is an ISA slot PC card that provides a single PC the ability to securely access two physically separate networks, a Public (B) and a Secure (A) network. This security is achieved through the use of a hardware based security controller that manages the PC's connectivity between the two networks and the hard disk partitions associated with each network. The 2in1 PC operates on a single AT compatible PC running MS-DOS, Microsoft Windows 3.x, Windows 95, Windows 98, Windows NT (Versions 3.1 and 4), OS/2, SCO and LINUX operating systems. The PC must include either one or two IDE-ATA compatible hard drives. If the host PC consists of only one hard drive, then the following disk partitions are created during the installation, a Transition, Public (B), Secure (A) and an optional partition labelled Functional. If the host PC consists of two hard drives, then the first disk, the master, includes the same partitions as in the one disk configuration while the second disk, the slave, is solely dedicated as an extension to either the Public (B) or the Secure (A) disk partition. |
|
Cisco PIX Firewall Version: 4.1 (6) |
 |
|---|---|
|
Product Type: Network Security - Firewalls Certificate Details: 98/05, July 1998 Assurance Level: ITSEC E1 Evaluation Facility: CSC Australia (opens new window) Manufacturer: CISCO Systems Distributor: Cisco Systems Australia (opens new window) Level 1, 18 & 20 Brindabella Circuit Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP. |
Cisco Private Internet Exchange (PIX) is a network security system which provides both firewall services and network translation services (dynamic address translation). It may be used to protect internal private networks from external networks, or to protect an internal sub-network from the enterprise network. It uses a process called Cut-Through Proxies and Adaptive Security. The Adaptive Security feature applies to the dynamic translation connections and can be applied to static translation connections where every inbound packet is checked against the Adaptive Security algorithm and against connection state information in memory. An Identity feature lets NIC-registered IP addresses pass through the firewall without address translation while still retaining Adaptive Security. PIX has a Failover capability where two PIX firewalls are run in parallel, and if one malfunctions, the second transparently maintains the security operations. |
CISCO Packet Level Encryption with Remote Management
Version: Cisco IOS 11.2(16), 11.2(16)P, 11.2(21), 11.2(21)P, 11.3(6), 11.3(6)AA1, 11.3(6)T, 11.3(6)T1, 11.3(11a), 11.3(11a)T1, 12.0(8), 12.0(7)T & VIP Encryption Port Adapter |
|
|---|---|
|
Product Type: Network Security - Network Encryption Certificate Details: 97/02, October 1997 (Extended March 1999) Assurance Level: ITSEC E1 Evaluation Facility: CSC Australia (opens new window) Manufacturer: Cisco Systems Dealer: Cisco Systems Australia Level 1, 18 & 20 Brindabella Circuit
Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP. |
Network data encryption and router authentication together provide a means to safeguard network data that travels from one Cisco router to another, across unsecured networks. Network data encryption is provided at the IP packet level. IP packet encryption prevents eavesdroppers from reading the data that is being transmitted. When IP packet encapsulation is used, IP packets can be seen during transmissions, but the IP packet contents (payload) cannot be read. Specifically, the IP header and upper-layer protocol (TCP or UDP) headers are not encrypted, but all payload data within the TCP or UDP packet will be encrypted and therefore not readable during transmission. Cisco IOS has a flexible network-level encryption solution that encrypts on specified pairs of networks, subnets hosts, or IP protocols. Cisco uses public key cryptography to authenticate each router participating in an encrypted connection, and to exchange encrypted session keys. DES(56 bit) encryption for high-performance bulk encryption of the actual network data. The routers negotiate their connection using Diffie-Hellman key exchange, thus protecting sensitive keys while transiting the public network. Cisco's encryption solution has high bandwidth confidentiality with assurance that the encrypted traffic originates from the correct location and is not being injected midstream by an interloper. The encryption feature can be configured with a simple keyword extension to an IP access list. Network managers can specify each router that is permitted to raise an encrypted connection and the traffic that must be encrypted by origin and destination. For example, a manger can elect to encrypt all traffic between remote networks, all traffic between two financial offices, e-mail between administrative machines, or SQL databases queries from a remote site to a central database server. When implemented with Cisco's Generic Routing Encapsulation (GRE) tunnels, network-layer encryption can also deploy multiprotocol encrypted virtual private networks (VPNs), integrating remote, trusted LANs and users. Such secure, multiprotocol tunnels make the Internet a viable replacement for many private Corporate WANs or private backbones. Secure remote management of Cisco Routers can be facilitated through the establishment of specific management VPNs and the use of SNMP. |
|
Models: C8800500, C8810500, C8820500 and C885040 Version: 1.02 |
|
|---|---|
|
Product Type: Network Security - Network Encryption Certificate Details: 97/03, November 1997 Assurance Level: ITSEC E1 Evaluation Facility: Admiral Manufacturer: SecureNet Limited Dealer: SecureNet Limited (opens new window) 9-11 Napier Close Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP. |
The SecurNET HSP series are high-speed, hardware DES based encryptors designed to secure connections for Local and Wide Area Networks (LANs and WANs). The encryptors are independent of other network equipment and provide encryption at the IP layer for end-to-end connectivity. Closed User Groups can be set up to selectively pass, encrypt or block IP traffic. A hardware based random noise source is used to generate session keys which are regularly exchanged. All units are initialised with a secret key provided by an authorised source. The encryptors have tamper prevention mechanisms to prevent unauthorised access. The security policy can be configured on a host, subnet, or network basis using IP addresses. It can be maintained independently from other data communications equipment and applications. The SecurNET HSP can interoperate with the SecurPAC IEM for secure remote access. This means secure intranet's and even Virtual Private Networks (VPNs) can be established over the Internet. A Frame Relay only version is also available. This encrypts at the Frame Relay level on an individual DLCI basis. A Closed User Group can be configured to selectively pass, encrypt, or block Frame Relay frames. This series of products supports V.35, RS422, X.21/V.11 and V.24 connections for Frame Relay, and AUI connections for Ethernet. The speeds supported range from 0 to 2 Mbps for Frame Relay and up to 10 Mbps for Ethernet. |
|
Models: C8605010, C8607010, C8700010 and C8720010 Version: 1.01 |
|
|---|---|
|
Product Type: Network Security - Network Encryption Certificate Details:97/04, November 1997 Assurance Level: ITSEC E1 Evaluation Facility: Admiral Manufacturer: SecureNet Limited Dealer: SecureNet Limited (opens new window) 9-11 Napier Close Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP. |
The SecurPAC IEM series are hardware DES based modem encryptors. The modem comes as either a standard V.34 modem or can include an ISDN TA. It can be supplied in a desktop model or as a PC Card (PCMCIA). The modem can perform encryption on a bytewise basis for point-to-point connectivity. In this mode the unit is protocol independent. Alternatively, the encryptor can be configured to encrypt at the IP layer. In this mode, secure connections can be made over IP based networks such as the Internet. In this mode, the SecurPAC IEM interoperates with the SecurNET HSP. A hardware based random noise source is used to generate session keys which are regularly exchanged. All units are initialised with a secret key provided by an authorised source. The encryptors have tamper prevention mechanisms to prevent unauthorised access. A password can be used to enable the units. The SecurPAC IEM series supports modem speeds up to 28.8 Kbps. A single B channel to 64 Kbps in the ISDN mode is also supported. |
|
Secure-IT Gauntlet Version: 3.2 on BSDI Version 2.1 |
 |
|---|---|
|
Product Type: Network Security - Firewalls Status: Certificate 1998/08, August 1998 Assurance Level: ITSEC E3 Evaluation Facility: CSC Australia (opens new window) Manufacturer: Softway Pty Ltd with Network Associates Distributor: SecureNet Limited Level 3
Please Note: The Security Target and Certification Report for this product is currently unavailable. For further information please contact the AISEP. |
Secure-IT Gauntlet is a hardware and software-based firewall system designed to provide secure access and internetwork communications between private, trusted networks and public, untrusted networks, such as the Internet, or between subnets within a private network. Secure-IT Gauntlet also allows the creation of Virtual Private Networks (VPNs) between authorised peer networks. Traffic travelling on the Internet between protected peer networks can be hidden through IP-level encryption using the Data Encryption Standard (DES). The Secure-IT Gauntlet Firewall is an application-level proxy based firewall with the following features:
Secure-IT Gauntlet includes proxies for the following services; Terminal Services (TELNET, RLOGIN); Electronic Mail (SMTP); World Wide Web (HTTP, FTP, SSL and SHTTP); Gopher. The HTTP proxy supports JavaGuard, which can block Java applets. |
Virtual Private Networks
|
Versions: Cisco VPN 3002, 830 and PIX 501 Hardware Clients (version 4.7.2.D for 3002, 3002-8E, version 12.4(5a) for 831, 837 and version 6.3(5) for PIX 501) Cisco VPN Software Clients (version 4.8.00 for Windows, Linux and version 4.6.02 for Solaris) Certicom Movian Software Clients (version 4.0 for PocketPC 2002, PalmOS) Worldnet21 AnthaVPN Software Client (version 5.6.2 for Windows CE.NET 4.2) Cisco Secure ACS (version 4.0 for Windows 2000 Server)
|
|
||||
|---|---|---|---|---|---|
Product Type: Network Security Certificate Details: 2007/42, May 2007 Assurance Level: EAL2 Evaluation Facility: CSC Australia Manufacturer: Cisco Systems Inc Dealer: Cisco Systems Inc
|
The Cisco Remote Access VPN enables trusted end systems such as desktop computers and notebooks, handheld computers and PDAs, and small trusted LANs, to establish secure connections to a trusted network over anuntrusted network. The evaluated solution includes VPN concentrators, VPN clients (software and hardware), and an (optional) authentication server. The VPN Concentrator terminates secure connections established across an untrusted network from trusted IT systems equipped with the VPN client to provide access to a trusted network. The VPN concentrator has two physical interfaces; one connected to an untrusted network and the other connected to a trusted network. The software VPN clients are used when a single trusted IT system requires a secure connection to a trusted network over an untrusted network, and the trusted IT system uses one of the operating systems supported by the software clients. The hardware VPN client is used to securely connect a single trusted IT system that does not use one of the operating systems supported by the software clients to a trusted network over an untrusted network, or securely connect a single trusted LAN of trusted IT systems to a trusted network over an untrusted network. The authentication server (CiscoSecure ACS) can be used to store authentication credentials to validate connections from VPN clients to the VPN concentrator. Connections between clients and concentrators are secured using IPSec as defined in RFC 2401-2410 and 2415, with both MODECONFIG and XAUTH extensions. VPN client connections are authenticated using a combination of groupname/password or digital certificate, and username/password digital certificate. The use of SmartCards and Tokens is supported with the Windows VPN client. |
Trusted Network Separation
The products in this sub-section provide functionality which allows for the controlled interconnection of networks of different classifications through the use of a trusted product.
The following product has been evaluated by the US National Computer Security Centre against the Trusted Network Interpretation of the TCSEC.
The historical EPL contains listings for products that have been evaluated that may no longer be available in the original evaluated form, are no longer supportable or the environment that they are designed to operate in has changed. Customers considering the use of a product on the historical EPL must contact DSD to verify whether the product will meet their security needs. Products transitioning to the historical EPL will remain listed on the EPL for at least twelve months before being removed, except where a product is no longer able to support Australian Government policy.
MLS LAN Secure Network Server System |
|
|---|---|
|
Product Type: Network Security - Trusted Network Separation Status: Evaluated Assurance Level: TCSEC A1-MI Manufacturer: Boeing Aerospace Dealer: Boeing Aerospace PO Box 3999 |
The MLS LAN Secure Network Server System (SNSS)is a network component which can support simultaneous transmission of digital data and analog video within a local area. SNSS comprises multiple Secure Network Servers (SNSs) connected by a transmission medium (e.g., Ethernet) and provides communications between attached devices (hosts, terminals etc.) operating at different sensitivity levels. Terminals are attached to an SNS terminal device interface card which performs user identification and authentication, access control and audit functions. A terminal user may connect to hosts on the network according to mandatory and discretionary access control. SNSS uses a distributed approach to network management. |
Operating Systems
This section refers to the specific version numbers of the products that have been evaluated.
The following products are general purpose Operating Systems which have been evaluated by the US National Computer Security Centre against the US Department of Defense Trusted Computer System Evaluation Criteria (TCSEC). DSD can provide advice on how these products can be used as part of an overall trusted system.
The historical EPL contains listings for products that have been evaluated that may no longer be available in the original evaluated form, are no longer supportable or the environment that they are designed to operate in has changed. Customers considering the use of a product on the historical EPL must contact DSD to verify whether the product will meet their security needs. Products transitioning to the historical EPL will remain listed on the EPL for at least twelve months before being removed, except where a product is no longer able to support Australian Government policy.
XTS 300 STOP Version: 4.1 |
Product Type: Operating System Status: Evaluated Evaluation Level: B3 Hardware Base: Intel 486 PC/AT with EISA bus Dealer: Wang Australia Hayden Drive |
|---|
XTS-200 STO Version: 3.1E |
Product Type: Operating System Status: Evaluated Evaluation Level: B3 Hardware Base: Bull HN DPS 6 PLUS and DPS 6000 Dealer: Wang Australia Hayden Drive |
|---|
|
Trusted XENIX Version: 2.0 |
Product Type: Operating System Status: Evaluated Evaluation Level: B2 Hardware Base: IBM PC/AT, PS/2 models 50, 60, 70, 70T, 70P and 80 Manufacturer: Trusted Information Systems Inc, (TIS) (US) Dealer: Moystyn Enterprises Pty Ltd PO Box 134 |
|---|
|
Trusted XENIX Version: 3.0 |
Product Type: Operating System Status: Evaluated Evaluation Level: B2 Hardware Base: IBM PC/AT, PS/2 models 50, 60, 70, 70T, 70P and 80, AST 386/25, GRID 1537, NEC PowerMate 386/25, Unisys Personal Workstation 2 Series 800, Zenith Z-386/33 Manufacturer: Trusted Information Systems Inc, (TIS) (US) Dealer: Moystyn Enterprises Pty Ltd PO Box 134 |
|---|
|
Unisys OS1100/2200 Version: Release SB3R8 |
Product Type: Operating System Status: Evaluated, SB4R7 released under RAMP. Evaluation Level: B1 Hardware Base: Unisys 1100/90, System11, 2200/xxx systems Dealer: Unisys Corporation Level 1, 99 Northbourne Avenue |
|---|
|
SEVMS VAX Version: Releases 6.0, 6.1 |
Product Type: Operating System Status: Evaluated Evaluation Level: B1 Dealer: Digital Equipment Corporation 7/11 Barry Drive |
|---|
|
Trusted UNICOS Version: 8.0.2 |
Product Type: Operating System Status: Evaluated Evaluation Level: B1 Hardware Base: Cray YMP, C90, M90, EL Series Dealer: Cray Research Inc 26 Brisbane Avenue |
|---|
A Series MCP/AS with InfoGuard Security Enhancements Version: Release 3.7 |
Product Type: Operating System Status: Evaluated Evaluation Level: C2 Hardware Base: Unisys A Series Advanced System computers Dealer: Unisys Corporation Level 1, 99 Northbourne Avenue |
|---|
ACF2/VM with IBM's VM/SP 4.0 or VM/SP HPO 4.2 Version: Release 3.1 |
Product Type: Operating System Status: Evaluated Evaluation Level: C2 Hardware Base: IBM 370 processor Dealer: Computer Associates Level 3, Computer Associates House |
|---|
AOS/VS 11 Version: 3.01 |
Product Type: Operating System Status: Evaluated Evaluation Level: C2 Hardware Base: Data General's MV/ECLIPSE systems Dealer: Data General Corporation Level 7 |
|---|
|
VAX/VMS Version: 4.3 |
Product Type: Operating System Status: Evaluated Evaluation Level: C2 Hardware Base: DEC 11/725, 11/730, 11/750, 11/751, 11/780, 11/782, 11/785, 8200, 8600, 8650 processors, and Norden Systems' MIL VAX I and II Dealer: Digital Equipment Corporation 7/11 Barry Drive |
|---|
Tandem Guardian 90 with Safeguard Version: S01.00 |
Product Type: Operating System Status: Evaluated Evaluation Level: C2 Hardware Base: Tandem Non-stop processors Dealer: Tandem Computers Pty Ltd PO Box 706 |
|---|
Trusted OS/32 Version: Release 08-03.35 |
Product Type: Operating System Status: Evaluated Evaluation Level: C2 Dealer: Concurrent Computer Corporation Pty Ltd 75 Epping Road |
|---|
Open VMS VAX Version: Release 6.0, 6.1 |
Product Type: Operating System Status: Evaluated Evaluation Level: C2 Dealer: Digital Equipment Corporation 7/11 Barry Drive |
|---|
The following product has been evaluated by DSD for the protection of Australian Government information.
The historical EPL contains listings for products that have been evaluated that may no longer be available in the original evaluated form, are no longer supportable or the environment that they are designed to operate in has changed. Customers considering the use of a product on the historical EPL must contact DSD to verify whether the product will meet their security needs. Products transitioning to the historical EPL will remain listed on the EPL for at least twelve months before being removed, except where a product is no longer able to support Australian Government policy.
RACF under MSP/E20 and MSP/EX Version: V11L10 |
Product Type: Operating System Status: Evaluated Assurance Level: ITSEC E2, F-C2 functionality Dealer: Fujitsu Australia Limited Box 631 |
|---|
This section refers to the specific version numbers of the products that have been evaluated.
The following products are general purpose Operating Systems which have been evaluated by the US National Computer Security Centre against the US Department of Defense Trusted Computer System Evaluation Criteria (TCSEC) or by the UK IT Security Evaluation and Certification Scheme. DSD can provide advice on how these products can be used as part of an overall trusted system.
SCO UnixWare on Fujitsu-ICL C530I and G550I Teamservers with consoles Version: 2.1.0 |
|
|---|---|
Product Type: Operating System Assurance Level: ITSEC E2 Supplier: SCO Certification Status: Certificate P119, February 1999 Point of Contact: Jon Coyle Phone: 01923 813656 |
SCO UnixWare 2.1 is a UNIX operating system with functionality designed to exceed ITSEC F-C2. SCO UnixWare 2.1 provides the following functions:
|
SCO CMW+ running on Elonex PC590/1, Elonex PC575/1 and Unisys SMP 5400 workstations Version: Release 3.0.1 |
|
|---|---|
|
Product Type: Operating System Assurance Level: ITSEC E3 Supplier: SCO Certification Status: Certificate P131 September 1999 Point of Contact: Jon Coyle Phone: 01923 813656 |
SCO CMW+ is a complete line of trusted workstation, server and development environment based on SCO Open Desktop/Open Server 3.0 with CMW+ security enhancements and MaxSix secure networking software. SCO CMW+ is a multi-level, multi-user, multi-tasking operating system that runs on 386/486/Pentium platforms. It is designed to meet and exceed the functionality requirements of the pre-defined ITSEC F-B1 functionality class. SCO CMW+ provides the following functions:
|
Sun Solaris Version: 2.5.1SE |
|
|---|---|
|
Product Type: Operating System Assurance Level: ITSEC E2 Supplier: Sun Microsystems Federal Certification Status: Certificate 98/97 March 1998 Point of Contact: Joe Alexander Phone: +703 204 4202 |
Solaris 2.5.1SE is the latest version of Sun’s commercial operating system to have undergone ITSEC evaluation to E2/F-C2. The product was evaluated on the Sun UltraSPARC-1 Workstation and servers sharing information in a distributed networking environment. The evaluation included the following features in addition to the ITSEC Functionality Class F-C2:
Two patches which have been certified must be included in order for the product to maintain its certified status. Refer to the Sun Security Bulletins #168, #169 and associated patches 104220-03, 104490-05. |
Endorsed Cryptographic Products
These products have only had cryptographic functionality evaluated and no assurance is given regarding any other mechanisms present in the product.
For cryptographic products which have had all aspects evaluated, refer to the relevant sections (e.g. Network Security, PC Security).
The following products are approved for protecting non-national security information, and in consultation with DSD, RESTRICTED information. Contact DSD regarding the provision of keying material.
The historical EPL contains listings for products that have been evaluated that may no longer be available in the original evaluated form, are no longer supportable or the environment that they are designed to operate in has changed. Customers considering the use of a product on the historical EPL must contact DSD to verify whether the product will meet their security needs. Products transitioning to the historical EPL will remain listed on the EPL for at least twelve months before being removed, except where a product is no longer able to support Australian Government policy.
Encrypting Modems
Interlink Electronics
113 Fitzroy Street
ST KILDA VIC 3182.
Contact: Mr Rick Spielrein
Phone: (03) 9525 3388
Fax: (03) 9525 37951. Voidax Pro
modem capable of processing data (14K4bps), fax(14Kb bps) and voice digitisation. Offers DES CFB encryption for data with optional removable DES dongle; in-built 2/4 channel multiplexer; multi-drop serial port; V42/bis and MNP4/5 correction and compression; auto-discriminates between voice, data and fax.
Pacific Research
PO Box 487
RICHMOND NSW 2753
Contact: Andrew Waterhouse
Phone: (02) 4588 5633
Fax: (02) 4588 56341. KEYNET 2 Modem & associated encryption module
300 bps to 9000 bps, synchronous and asynchronous. RS232 interface.
2. Case Monomux Stand Alone Encryptor
300 bps to 9600 bps, synchronous and asynchronous. RS232 interface.
SecureNet Limited
Victoria
1 Hall Street
HAWTHORN VIC 3122
Phone: (03) 9822 7858
Fax: (03) 9822 9980ACT
9-11 Napier Close
DEAKIN ACT 2600
Phone: (02) 6260 3255
Fax: (02) 6260 31881. SecurPAC EM
Encryptor modem operating at 2400 or 9600bps. Approved models C860001 and C860011.
2. SecurPAC EMP
X.25 encryptor and modem via a dial up X.32 at rates 2400 or 9600. Approved models C860301 and C8603111.3. SecurPAC PEM
X.32 PAD encryptor modem, handles all packets within the X.25 protocol at rates of 2400 or 9600. Approved models C860401 and C860411.
Link Encryptors
ADE Network Technology
1st Floor, Andrew Centre
42 Giles St
KINGSTON ACT 2604
Contact: Mr Ian Deas
Phone: (02) 6239 6642
Fax:(02) 6239 67381.Cylink LSi Encryptor (Australian Government Version Only
Up to 256 kbps synchronous or 19.2 kbps asynchronous. CCITT X.21/V.11, V.28, V.35, RS232C, RS449/442 interfaces.2. Cylink Hsi Encryptor (Australian Government Version Only)
9600 bps to 2 Mbps synchronous operation. DSI (including ESF), DS2, V.35, RS449/442, X.21/V.11, G703 (2.04 Mbps) interfaces.
ERACOM Pty Ltd
26 Greg Chappell Drive
BURLEIGH HEADS QLD 4220
Contact: Mrs Susan Sharpe
Phone: (07) 5593 4911
Fax: (07) 5593 43881. 4007 Data Encryptor
7 bps to 128 Kbps, synchronous. V.24 and V.35 interfaces.
RACAL Australia (formerly the Chubb Australia Ltd entry)
Unit 12/15-35 Gertrude Street
FITZROY VIC 3065
Contact: Graham Dodson
Phone: (03) 9417 4878
Fax: (03) 9417 48601. DC64-1027 Link Encryptor
Operates from 300 bps to 64 kbps, in synchronous or asynchronous mode. The link encryptor interfaces with V.24, V.35 and V.11.
SecureNet Limited
Victoria
1 Hall Street
HAWTHORN VIC 3122
Phone: (03) 9822 7858
Fax: (03) 9822 9980ACT
9-11 Napier Close
DEAKIN ACT 2600
Phone: (02) 6260 3255
Fax: (02) 6260 31881. SecurLINK Series
Synchronous and asynchronous for protocol independent and protocol dependent networks to secure both point to point and multi drop services. Supports RS232/V.24, V.11, V.35 and RS422. Approved models (contain DES or DEFENDER encryption), C840211, C840223, C841243, C841263, C841273, C842243, C842263, C842273, C843243, C843263 and C843273.2. Megacrypt Series (formerly RD189)
Synchronous protocol independent units enabling 2.048Mbps. Variety of key management methods available. Approved models C851193, C853193 and C854193.3. RD185 Series
Synchronous protocol independent unit fitted with V.24/RS232 interface. Options include V.35 interface and use of DES algorithm. Approved models RD185E, RD185H-DES, RD185D, RD185H and RD185-V11.4. Guardian Series
For dial up or point to point applications up to 9600bps asynchronous or 2400 bps synchronous. Supports RS232/V.24. Approved models C830011 and C830101.
SecureNet Limited
Victoria
1 Hall Street
HAWTHORN VIC 3122
Phone: (03) 9822 7858
Fax: (03) 9822 9980ACT
9-11 Napier Close
DEAKIN ACT 2600
Phone: (02) 6260 3255
Fax: (02) 6260 31881. SecurLINK Series
Used for X.25 packet switching networks. Supports RS232/V.24, V.11, V.35 and RS422 interfaces and can operate at speeds up to 64kbps. Models approved C840321, C841331, C842331 and C843331.2. RD187 Series
Used for X.25 packet switching networks. End to end synchronous protocol independent and asynchronous protocol dependent versions are available. Supports RS232/V.24 and V.35. Approved models RD187HP and RD187P.3. Guardian Series
Used to secure information over X.32 packet switching networks, handles all packets within the X.25 protocol at rates up to 9600bps. Approved model C830311.
Technical Communications Corporation
C/- Pacific Research
PO Box 487
RICHMOND NSW 2753
Contact: Andrew Waterhouse
Phone: (02) 4588 5633
Fax: (02) 4588 56341. Cipher X 5000-1027 X.25
X.25 DES encryptor to 9600 bps with RS232 interface.
Encryption Systems
Eagle City
1st Floor, 442 Murray Street
PERTH WA 6000
C/- TERCEL Pty Ltd
Hewlett Packard Building
Fernhill Park BRUCE ACT 2617
Contact: Mr Rowan Falconer
Phone: (02) 6251 5100
Fax: (02) 6251 33861. Descrypt V2.12G
DEA-1 (DES) encryption system.
Test Equipment
SecureNet Limited
Victoria
1 Hall Street
HAWTHORN VIC 3122
Phone: (03) 9822 7858
Fax: (03) 9822 9980ACT
9-11 Napier Close
DEAKIN ACT 2600
Phone: (02) 6260 3255
Fax: (02) 6260 3188Model Description 1. MPT1
Test unit for asynchronous and synchronous encryptors2. MPT2
Test unit for X.25 encryptors
Key Management Tool
Pacific Research
PO Box 487
RICHMOND NSW 2753
Contact: Andrew Waterhouse
Phone: (02) 4588 5633
Fax: (02) 4588 5634KEYNET SECURITY SYSTEM
KNET BU - Keynet Basic Unit.
KNET KMCC - Keynet Control Card.
KNET KCC - Keynet Channel Card.
KNET Cable - Keynet Node Cable.
KNET Keymanager - Keynet Network Control Software.
KNET Manual - Installation and User Guide.
KNET Keys - Physical Encryption Key.
KNET RN - Keynet Random Number Generator.
KNET Keymodem - Remote Station Modem.
KNET EXP - Keynet Expander Unit.
RACAL Australia (formerly the Chubb Australia Ltd entry)
Unit 12/15-35 Gertrude Street
FITZROY VIC 3065
Contact: Graham Dodson
Phone: (03) 9417 4878
Fax: (03) 9417 48601. Key Loader
2. Key Transport Module
3. High Density Key Transport Module
TELSTRA Multi Media Pty Ltd
Level 6/1 South Bank Blvd
SOUTH MELBOURNE VIC 3004Locked Bag 5671
MELBOURNE VIC 8100
Contact: Mr. Brendon Johnson
Phone: (03) 9256 5650
Fax: (03) 9256 57001. Module D1(V1)
DES encryption package utilising DES based key management system.2. Module R1 (V1.1)
DES encryption package utilising public key (with Government key additive) key management system.
SecureNet Limited
Victoria
1 Hall Street
HAWTHORN VIC 3122
Phone: (03) 9822 7858
Fax: (03) 9822 9980ACT
9-11 Napier Close
DEAKIN ACT 2600
Phone: (02) 6260 3255
Fax: (02) 6260 3188Key Modules:
1. KM1 and KM2
Key module for RD1852. KM2K
Key module for SecurLINK, SecurPAC, Guardian, RD187 and Megacrypt series
Secure Telephones
MOTOROLA USA
Motorola Communications
Unit 9, Rowland House
10 Thesiger Court
DEAKIN ACT 2600PO Box 170
DEAKIN WEST ACT 2600
Contact: Mr Timo Brouwer
Phone: (02) 6281 6809
Fax: (02) 6281 39531. SVX 9600 Secure Telephone (Australian Government Version only)
Two wire, full duplex digital speech encryptor, both 2400 and 9600 bps operation. Keyed manually via computer.
Secure Facsimile
SecureNet Limited
Victoria
1 Hall Street
HAWTHORN VIC 3122
Phone: (03) 9822 7858
Fax: (03) 9822 9980ACT
9-11 Napier Close
DEAKIN ACT 2600
Phone: (02) 6260 3255
Fax: (02) 6260 31881. RD185Fax:
Encrypt data transmitted over fax using a RS232 data port. Approved model RD185FAX.
PC Security Products
CustomLoc Access
Version: 3.10 on IBM PC compatible running DOS 3.1 or higher.
Product Type: PC Security
Status: Evaluated
Assurance Level: ITSEC E1
Manufacturer: CustomLoc Pty Ltd
PO Box 336
MULGRAVE VIC 3170
Dealer: Australian Projects Pty Limited
PO Box 90
GLENORIE NSW 2157
Contact: Chris Joscelyne
Phone: (02) 9652 2600
Fax: (02) 9652 2700
Email: info@austprojects.com.au
Web: www.zondex.comCustomLoc Access is a software only package that is designed to provide security for a personal computer. CustomLoc Access provides protection through encryption of the hard drive, with users being required to go through a login process before access to (and decryption of) data on the drive is allowed. The login process is provided by CUSTOM MENU Secure which also manages discretionary access control, protection against object reuse, boot protection, keyboard locking and some system integrity.
Data encryption is performed on the hard drive and on a file-by-file basis by a proprietary algorithm. The file encryption employs a key chosen by the user. The file encryption option must be used if sensitive classified data is to be protected adequately.
CUSTOMLOC HI-SPEED with "Australian Government version" encryption option
Version: 3.05 for Toshiba Laptops and IBM PCs
Product Type: PC Security
Status: Evaluated
Assurance Level: ITSEC E1
Manufacturer: CustomLoc Pty Ltd
PO Box 336
MULGRAVE VIC 3170Dealer: Australian Projects Pty Limited
PO Box 90
GLENORIE NSW 2157
Contact: Chris Joscelyne
Phone: (02) 9652 2600
Fax: (02) 9652 2700
Email: info@austprojects.com.au
Web: www.zondex.comCustomLoc provides security on an IBM-PC through a combination of software and hardware. Users must authenticate themselves via a password when first logging onto the machine, and are then presented with a comprehensive menu system, restricting the actions they can perform. All access to a DOS prompt can be removed from users, along with the ability to shell to DOS from applications.
Access control to files, directories and disks can be set on a user by user basis, and control of low level disk reads and writes can help prevent virus attacks.
Intruders are prevented from looking at the disk through the encryption of the partition record and through the full encryption of all data on the disk.
CustomLoc also provides auditing facilities, keyboard locks, screen blanking and protection against object re-use. The HI-SPEED encryption is suitable for the protection of sensitive classified data.
CustomLoc PC card
Version: 1.31 on IBM PC compatible notebook with a PCMCIA expansion port, running DOS 3.1 or higher.
Product Type: PC Security
Status: Evaluated
Assurance Level: ITSEC E1
Manufacturer: CustomLoc Pty Ltd
PO Box 336
MULGRAVE VIC 3170Dealer: Australian Projects Pty Limited
PO Box 90
GLENORIE NSW 2157
Contact: Chris Joscelyne
Phone: (02) 9652 2600
Fax: (02) 9652 2700
Email: info@austprojects.com.au
Web: www.zondex.com
CustomLoc PC card is a software and hardware package that is designed to provide security for a notebook computer. CustomLoc PC card provides protection through encryption of the hard drive, with users being required to go through a login process before access to (and decryption of) data on the drive is allowed. The login process is provided by CUSTOM MENU Secure which also manages discretionary access control, protection against object reuse, boot protection, keyboard locking and some system integrity.
Data encryption is performed on the hard drive and on a file-by-file basis by a proprietary algorithm. The file encryption employs a key chosen by the user. The file encryption option must be used if sensitive classified data is to be protected adequately.
CustomLoc PC card can be run across a network; however the evaluation was conducted on a stand-alone notebook computer.
CustomLoc Smart Security
Version: 3.10 Rev 1.05
Product Type: PC Security
Status: Evaluated
Assurance Level: ITSEC E1
Manufacturer: CustomLoc Pty Ltd
PO Box 336
MULGRAVE VIC 3170Dealer: Australian Projects Pty Limited
PO Box 90
GLENORIE NSW 2157
Contact: Chris Joscelyne
Phone: (02) 9652 2600
Fax: (02) 9652 2700
Email: info@austprojects.com.au
Web: www.zondex.com
CustomLoc Smart Security is a software and hardware package that is designed to provide logon security for a personal computer. CustomLoc Smart Security provides protection through the encryption of the hard drive, with users being required to go through a login process before access to (and decryption of) data on the drive is allowed. The logon process consists of a user entering their user id and a password. The PC then requests the insertion of a Smart Security card into the Smart Security card reader to validate the user id and password.
CUSTOM MENU Secure also provides discretionary access control, protection against object reuse, boot protection, keyboard locking and some system integrity. User access (write, read or none) to files, directories and drives is specified by the central administrator and can be set either individually or by group. Access to a DOS prompt (and therefore Windows) can also be restricted allowing users to only run programs (specified by the central administrator) from the hierarchical menu system.
Data encryption is performed on the hard drive by a proprietary algorithm. The encryption key is stored on the user's Smart Security card, thus providing an additional level of encryption security.
CUSTOM MENU Secure
Version: 3.10 Rev 1.28
Product Type: PC Security
Status: EvaluatedManufacturer: CustomLoc Pty Ltd
PO Box 336
MULGRAVE VIC 3170Dealer: Australian Projects Pty Limited
PO Box 90
GLENORIE NSW 2157
Contact: Chris Joscelyne
Phone: (02) 9652 2600
Fax: (02) 9652 2700
Email: info@austprojects.com.au
Web: www.zondex.com
CUSTOM MENU Secure is a software package that is designed to provide security for a PC computer. CUSTOM MENU Secure provides protection through encryption of the hard drive, with users being required to go through a login process before access to (and decryption of) data on the drive is allowed. User access (write, read or none) to files, directories and drives is specified by the central administrator and can be set either individually or by group. Access to a DOS prompt (and therefore Windows) can also be restricted allowing users to run programs (specified by the central administrator) from the hierarchical menu system only.
An audit trail and run log are provided to monitor users' actions either singly or as a group. Items from the audit trail and run log may be selected as a group or by event type. These reports can be sent to a printer, the screen or a disk file.
Version: 7.0.3
Product Type: PC Security Products
Certificate Details: 36/2005, September 2005
Assurance Level: CC EAL2
Evaluation Facility: LogicaCMG [opens new window]
Manufacturer: SafeNet Australia Pty Ltd
Dealer: SafeNet Australia Pty Ltd
Level 1, 16 Atchison Street
ST LEONARDS NSW 2065
Phone: +61 2 9906 2988
Fax: +61 2 9906 2289
Email: info.apac@safenet-inc.com
Web: www.safenet-inc.com
Security Target [354KB] Certification Report [190KB] Consumer Guide [369KB]
ProtectDrive employs strong, trusted access control and data encryption techniques to protect sensitive information on laptops, portable PCs, workstations and servers from access by unauthorised users.
ProtectDrive fully integrates with the host operating system enabling single system log on and transparent operation.
ProtectDrive has the following major features:
- System Boot control (ProtectDrive activates prior to the operating system boot).
- Strong data security through the use of hard disk drive encryption.
- Available encryption algorithms include Triple DES to meet government security recommendations.
- User log on and authentication control through the use of User Id and password or the use of Token and PIN.
- Windows XP and Windows 2000.
- Unauthorised log on protection.
- Log on display showing date and time of last successful log on and details of any failed log on attempts since the last successful log on.
- Administrative control of user access to floppy disks and the use of serial and parallel ports.
- Easy to install and transparent in use.
- Network based installation is possible from a central server
.
