Overview#

Evaluation Assurance Level (EAL) is used by the Common Criteria for Information Technology Security Evaluation and is the the numerical rating describing the depth and rigor of an evaluation.

Each Evaluation Assurance Level corresponds to a package of Security Assurance Requirements (SARs) which covers the complete development of a product, with a given level of strictness.

Common Criteria lists seven levels, with EAL 1 being the most basic (and therefore cheapest to implement and evaluate) and EAL 7 being the most stringent (and most expensive).

Normally, an ST or PP author will not select assurance requirements individually but choose one of these packages, possibly 'augmenting' requirements in a few areas with requirements from a higher level. Higher EALs do not necessarily imply "better security", they only mean that the claimed security assurance of the TOE has been more extensively verified.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-1) was last changed on 01-Apr-2017 19:00 by jim