It will be of value where independent assurance is required to support the contention that due care has been exercised with respect to the protection of personal or similar information.
It is intended that an EAL1 evaluation could be successfully conducted without assistance from the developer of the TOE, and for minimal cost.
EAL4 is therefore applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs.
Commercial operating systems that provide conventional, user-based security features are typically evaluated at EAL4.
Examples with an active certificate include SUSE Linux Enterprise Server 15 (EAL 4+).
It is likely that the additional costs attributable to the EAL5 requirements, relative to rigorous development without the application of specialized techniques, will not be large.
[13] EAL6 permits developers to gain high assurance from application of security engineering techniques to a rigorous development environment in order to produce a premium TOE for protecting high-value assets against significant risks.
Practical application of EAL7 is currently limited to TOEs with tightly focused security functionality that is amenable to extensive formal analysis.
[15] Technically speaking, a higher EAL means nothing more, or less, than that the evaluation completed a more stringent set of quality assurance requirements.
It is often assumed that a system that achieves a higher EAL will provide its security features more reliably (and the required third-party analysis and testing performed by security experts is reasonable evidence in this direction), but there is little or no published evidence to support that assumption.
Officially this is indicated by following the EAL number with the word augmented and usually with a list of codes to indicate the additional requirements.