Evaluation Insurance Level

The Evaluation Insurance Level (EAL1 through EAL7) is an international standard in the field of credit and security. to achieve Common Criteria certification. The intent of the higher levels is to provide greater confidence that the system’s main security features are reliably implemented. The EAL level does not measure the security of the system itself, it has been tested.

To achieve a particular EAL, the computer system must meet specific insurance requirements . Most of these requirements involve design documentation, design analysis, functional testing, or penetration testing. The higher EALs involve more detailed documentation, analysis, and testing than the lower ones. Achieving a higher EAL certification. The EAL number assigned to a certified system indicates that the system has been completed.

Although every product and system must fulfill the same insurance requirements, they do not have to fulfill the same functional requirements. The functional features for each certified product are established in the Security Targetdocument for that product’s evaluation. Therefore, a product with a higher EAL is not necessarily “more secure” in a particular application than one with a lower EAL, since they can have very different lists of functional features in their Security Targets. A product’s fitness for a particular security application depends on how the product is listed in the product. If the Security is needed, then the higher EAL should indicate the most important product for that application.

Insurance levels

EAL1: Functionally Tested

EAL1 is applicable where some confidence in correct operation is required, but the threats are not considered as serious. It will be of value where independent assurance is required to support the contention that it has been exercised with respect to the protection of personal or similar information. EAL1 provides an evaluation of the TOE (Target of Evaluation) as made available to the customer, including independent testing against a specification, and an examination of the guidance documentation provided. It is intended that an EAL1 evaluation could be successfully conducted without assistance from the developer of the TOE, and for minimal cost. An evaluation of this level should provide evidence that the TOE functions in a manner consistent with its documentation, and that it provides useful protection against identified threats.

EAL2: Structurally Tested

EAL2 requires the cooperation of the developer of information and design results, but should not require more effort on the part of the developer than is consistent with good commercial practice. As such it should not require a strong growth of the cost of time. EAL2 is therefore applicable in those circumstances where developers or users require a low level of independent assurance of complete development record. Such a situation may arise when securing legacy systems.

EAL3: Methodically Tested and Checked

EAL3 allows you to gain maximum assurance from positive security engineering at the design stage without substantial alteration of existing sound development practices. EAL3 is applicable in those circumstances where developers or users require a moderate level of independent assured security, and require a thorough investigation of the TOE and its development without substantial re-engineering.

EAL4: Methodically Designed, Tested and Reviewed

EAL4 permits a developer to gain maximum assurance from positive security engineering based on good business development practices, which requires rigorous, do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is possible to be economically feasible to retrofit to an existing product line. Where appropriate are the requirements for the application of a specific security measure in the context of a specific security measure.

Commercial operating systems , which is used at EAL4. Examples of such operating systems are AIX , [1] HP-UX , [1] , Oracle Linux , NetWare , Solaris , [1] SUSE Linux Enterprise Server 9 , [1] [2] SUSE Linux Enterprise Server 10 , [3] Red Hat Enterprise Linux 5 , [4] [5] Windows 2000 Service Pack 3, Windows 2003 , [1] [6] Windows XP , [1][6] Windows Vista , [7] [8] Windows 7 , [1] [9] Windows Server 2008 R2 , [1] [9] z / OS version 2.1 and z / VM version 6.3. [1]

Operating systems That Provide multilevel security are Evaluated at a minimum of EAL4. Examples include Trusted Solaris , Solaris 10 Release 11/06 Trusted Extensions , [10] an early version of the XTS-400 , VMware ESXi version 3.0.2, [11] 3.5, 4.0, AIX 4.3, AIX 5L, AIX 6, AIX7 , Red Hat 6.2 & SUSE Linux Enterprise Server 11 (EAL 4+). vSphere 5.5 Update 2 did not achieve EAL4 + level it was an EAL2 + and certified on June 30, 2015.

EAL5: Semiformally Designed and Tested

EAL5 permits a developer to gain maximum assurance from a technical security based on rigorous commercial development practices. Such a TOE will likely be designed and developed with EAL5 insurance. It is likely that the additional costs attributable to the EAL5 requirements, relating to rigorous development without the application of specialized techniques, will not be wide. EAL5 is therefore applicable in those circumstances where developers or users require a high level of independent assurance of security planning and require a rigorous development approach without incurring unreasonable costs attributable to specialist security engineering techniques.

Numerous smart card devices have been evaluated at EAL5, as they have been multilevel secure devices such as the Tenix Interactive Link . XTS-400 (STOP 6) is a general-purpose operating system which has been evaluated at EAL5 augmented.

LPAR on IBM System z is EAL5 Certified. [12]

EAL6: Semiformally Verified Design and Tested

EAL6 permits developers to gain high assurance from a high level of security. EAL6 is therefore applicable to the development of security TOEs for application in high risk situations where the value of the protected assets justifies the additional costs.

Green Hills Software’s INTEGRITY-178B RTOS has been certified to EAL6 augmented. [1]

EAL7: Formally Verified Design and Tested

EAL7 is applicable to the development of security TOEs for application in extremely high risk situations and / or where the high value of the assets justifies the higher costs.

Practical application of EAL7 is currently limited to TOES with tightly focused security functionality that is amenable to extensive formal analysis. The Tenix Interactive Link Data Device Diode and the Fox-IT Fox Data Diode has been evaluated at EAL7 augmented (EAL7 +). [13] [14]

Implications of assurance levels

Technically speaking, a higher EAL means nothing more, or less, than the assessment of quality assurance requirements. It is more likely that it is more likely that it will be able to provide a more reliable and more secure service. support that assumption.

Impact on cost and schedule

In 2006, the US Government’s Accountability Office published a report on Common Criteria that measured levels of costs and schedules reported at levels EAL2 through EAL4.

Range of completion times and costs for Common Criteria evaluations at EAL2 through EAL4.

In the mid to late 1990s, vendors reported spending US $ 1 million and even US $ 2.5 million on comparable estimates to EAL4. There have been no published reports of the cost of the various Microsoft Windows security assessments.

Augmentation of EAL requirements

In some cases, the evaluation may be increased to include assurance requirements beyond the minimum required for a particular EAL. Officially this is indicated by following the EAL number with the word augmented and usually with a list of codes to indicate the additional requirements. As shorthand, vendors will often simply add a “plus” sign (as in EAL4 + ) to indicate the augmented requirements.

EAL notation

The Common Criteria standards denote EALs as shown in this article: the prefix “EAL” concatenated with a digit 1 through 7 (Examples: EAL1, EAL3, EAL5). In practice, some countries place a space between the prefix and the digit (EAL 1, EAL 3, EAL 5). The use of a larger product is more informal (EAL4 + or EAL 4+).


  1. ^ Jump up to:j Common Criteria certified product list
  2. Jump up^ Certification Report for SUSE Linux Enterprise Server 9
  3. Jump up^ SUSE Linux Enterprise Server 10 EAL4 Certificate
  4. Jump up^ Red Hat Enterprise Linux Version 5 EAL4 Certificate
  5. Jump up^ https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Release_Notes/security.html
  6. ^ Jump up to:b Windows Platform Products Awarded Common Criteria EAL 4 Certification Archived 2006-04-20 at the Wayback Machine .
  7. Jump up^ Myers, Tim. “Windows Vista and Windows Server 2008 are Common Criteria Certified at EAL4 +” . Microsoft . Retrieved May 15, 2013 .
  8. Jump up^ “National Information Assurance Common Criteria Evaluation and Validation Scheme” (PDF) . Retrieved May 15, 2013 .
  9. ^ Jump up to:b Microsoft Windows 7, Windows Server 2008 R2 and SQL Server 2008 SP2 Now Certified as Common Criteria Validated Products
  10. Jump up^ Solaris 10 Release 11/06 Trusted Extensions EAL 4+ Certification Report
  11. Jump up^ VMware Infrastructure Earnings Security Certification for Stringent Government Standards
  12. Jump up^ IBM System z Security; IBM System z partitioning achieves highest certification
  13. Jump up^ [1]
  14. Jump up^ http://www.datadiode.eu

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright computerforum.eu 2019
Shale theme by Siteturner