Evaluation Assurance Level
== Implications of assurance levels ==

Technically speaking, a higher EAL means nothing more, or less, than that the evaluation completed a more stringent set of [[quality assurance]] requirements. It is often assumed that a system that achieves a higher EAL will provide its security features more reliably (and the required third-party analysis and testing performed by security experts is reasonable evidence in this direction), but there is little or no published evidence to support that assumption.

=== Impact on cost and schedule ===

In 2006, the US [[Government Accountability Office]] published a report on Common Criteria evaluations that summarized a range of costs and schedules reported for evaluations performed at levels EAL2 through EAL4.

[[Image:Common Criteria evaluation costs.gif|frame|none| Range of completion times and costs for Common Criteria evaluations at EAL2 through EAL4.]]

In the mid to late 1990s, vendors reported spending US$1 million and even US$2.5 million on evaluations comparable to EAL4. There have been no published reports of the cost of the various [[Microsoft Windows]] security evaluations.

=== Augmentation of EAL requirements ===

In some cases, the evaluation may be ''augmented'' to include assurance requirements beyond the minimum required for a particular EAL. Officially this is indicated by following the EAL number with the word '''augmented''' and usually with a list of codes to indicate the additional requirements. As shorthand, vendors will often simply add a "plus" sign (as in '''EAL4+''') to indicate the augmented requirements.

=== EAL notation ===

The Common Criteria standards denote EALs as shown in this article: the prefix "EAL" concatenated with a digit 1 through 7 (Examples: EAL1, EAL3, EAL5). In practice, some countries place a space between the prefix and the digit (EAL 1, EAL 3, EAL 5). The use of a plus sign to indicate augmentation is an informal shorthand used by product vendors (EAL4+ or EAL 4+).
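The notations described above can be normalized when product claims are collected for review. The following parser is an added example, not part of the original article or of the Common Criteria documents; the component-code pattern and the sample codes (ALC_FLR.2, AVA_VAN.5) are assumptions about what the "list of codes" looks like.

```python
import re
from dataclasses import dataclass

# "EAL" + optional space + digit 1-7, then an optional augmentation marker:
# the official word "augmented" or the informal vendor "+".
_CLAIM = re.compile(r"^\s*EAL\s?([1-7])\s*(\+|augmented\b)?(.*)$",
                    re.IGNORECASE | re.DOTALL)
# Assumption: augmentation codes follow the CLS_FAM.n shape, e.g. ALC_FLR.2.
_COMPONENT = re.compile(r"\b[A-Z]{3}_[A-Z]{3}\.\d+\b")


@dataclass(frozen=True)
class EalClaim:
    level: int            # 1 through 7
    augmented: bool       # "augmented" or "+" was present
    components: tuple     # additional requirement codes, if listed
    informal: bool        # True when the vendor "+" shorthand was used

    @property
    def canonical(self):
        """Level in the standard's own notation (no space, no plus sign)."""
        return f"EAL{self.level}"

    @property
    def needs_detail(self):
        """Augmentation is claimed but the added requirements are not named."""
        return self.augmented and not self.components


def parse_eal(text):
    m = _CLAIM.match(text)
    if not m:
        raise ValueError(f"not an EAL claim: {text!r}")
    level, marker, rest = int(m.group(1)), (m.group(2) or "").lower(), m.group(3)
    if not marker and rest.strip():
        # Catches "EAL10", "EAL4 certified", etc. instead of guessing.
        raise ValueError(f"unexpected text after level: {text!r}")
    return EalClaim(level=level,
                    augmented=bool(marker),
                    components=tuple(_COMPONENT.findall(rest)),
                    informal=(marker == "+"))


if __name__ == "__main__":
    # Constructed sample claims covering each notation in the section above.
    for s in ["EAL3", "EAL 5", "EAL 4+", "EAL4 augmented with ALC_FLR.2, AVA_VAN.5"]:
        print(s, "->", parse_eal(s))
```

A claim for which `needs_detail` is true, such as a bare "EAL4+", states only that something was added, so the list of additional requirements has to come from the certification documents themselves.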