Evaluation Assurance Level

The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. The intent of the higher levels is to provide higher confidence that the system's principal security features are reliably implemented. The EAL does not measure the security of the system itself; it simply states at what level the system was tested.

To achieve a particular EAL, the computer system must meet specific assurance requirements. Most of these requirements involve design documentation, design analysis, functional testing, or penetration testing. The higher EALs involve more detailed documentation, analysis, and testing than the lower ones. Achieving a higher EAL certification generally costs more money and takes more time than achieving a lower one. The EAL number assigned to a certified system indicates that the system completed all requirements for that level.

Although every product and system must fulfill the same assurance requirements to achieve a particular level, they do not have to fulfill the same functional requirements. The functional features for each certified product are established in the Security Target document tailored for that product's evaluation. Therefore, a product with a higher EAL is not necessarily "more secure" in a particular application than one with a lower EAL, since they may have very different lists of functional features in their Security Targets. A product's fitness for a particular security application depends on how well the features listed in the product's Security Target fulfill the application's security requirements. If the Security Targets for two products both contain the necessary security features, then the higher EAL should indicate the more trustworthy product for that application.
