Definition

Evaluation Assurance Level (EAL)

Contributor(s): Sharon Zaharoff

An Evaluation Assurance Level (EAL) is a category ranking assigned to an IT product or system after a Common Criteria security evaluation. The level indicates to what extent the product or system was tested.

A product or system must meet specific assurance requirements to achieve a particular EAL. Requirements involve design documentation, analysis and functional or penetration testing. The highest level provides the highest guarantee that the system's principal security features are reliably applied. 

Although the assurance requirements are the same for each product and system, the functional requirements differ. Functional features are defined in the Security Target document, which is tailored specifically to each product's evaluation. A higher EAL does not indicate a higher level of security than a lower EAL, because the products may have different functional features in their Security Targets.

EAL Level   Description
EAL 1       Functionally tested
EAL 2       Structurally tested
EAL 3       Methodically tested and checked
EAL 4       Methodically designed, tested and reviewed
EAL 5       Semi-formally designed and tested
EAL 6       Semi-formally verified design and tested
EAL 7       Formally verified design and tested

This was last updated in July 2014
