ACSC programs and advice are being migrated to (see sidebar)


The Australian Signals Directorate (ASD) evaluates ICT security products to protect government information. These formal independent assessments provide confidence that ICT security products perform as claimed by the vendor.

ASD performs the following types of evaluations:

The Evaluated Products List (EPL) lists ICT security products evaluated by ASD and certified for use in Australian and New Zealand government agencies.

ASD mutually recognises evaluations under the Common Criteria Recognition Arrangement (CCRA) and agencies are able to select products certified by any CCRA nation where the result is listed on the Common Criteria Portal.

Australian and New Zealand government agencies can ask ASD to evaluate products by writing a letter of recommendation for evaluation.

In August 2018 ACSC launched a new website,, to reflect its new organisation.

Cyber security programs and advice are being migrated to Information and advice on this site remains current.

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

Information for Australian businesses
Information for individual Australian citizens
Information for Federal, State and Local government agencies