Posted on December 5, 2015 by KVMGalore
An Evaluation Assurance Level (EAL) is a category ranking (a numerical grade) assigned to an IT product or system after a Common Criteria security evaluation. The level indicates to what extent the product or system was tested. The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. The intent of the higher levels is to provide higher confidence that the system's principal security features are reliably implemented.
A product or system must meet specific assurance requirements to achieve a particular EAL. Requirements involve design documentation, analysis and functional or penetration testing. The highest level provides the highest guarantee that the system's principal security features are reliably applied.
Although the assurance requirements for each product and system are the same, the functional requirements differ. The EAL does not measure the security of the system itself; it simply states at what level the system was tested. Functional features are defined in the Security Target document, which is specifically tailored for each product's evaluation. Therefore, a higher EAL does not indicate a higher level of security than a lower EAL, because the two may have different functional features in their Security Targets.
| Level | Description |
|---|---|
| EAL 1 | Functionally tested |
| EAL 2 | Structurally tested |
| EAL 3 | Methodically tested and checked |
| EAL 4 | Methodically designed, tested and reviewed |
| EAL 5 | Semi-formally designed and tested |
| EAL 6 | Semi-formally verified design and tested |
| EAL 7 | Formally verified design and tested |