Evaluation Assurance Level


Evaluation Assurance Level (EAL) is used by the Common Criteria for Information Technology Security Evaluation and is the the numerical rating describing the depth and rigor of an evaluation of Level Of Assurance

Each Evaluation Assurance Level corresponds to a package of Security Assurance Requirements (SARs) which covers the complete development of a product, with a given level of strictness.

Common Criteria lists seven levels, with EAL 1 being the most basic (and therefore cheapest to implement and evaluate) and EAL 7 being the most stringent (and most expensive).

Normally, an ST or PP author will not select assurance requirements individually but choose one of these packages, possibly 'augmenting' requirements in a few areas with requirements from a higher level. Higher EALs do not necessarily imply "better security", they only mean that the claimed security assurance of the TOE has been more extensively verified.

More Information#

There might be more information for this subject on one of the following: