The Evaluation Assurance Level (EAL) is a numerical value that reflects the trustworthiness or security of an IT product or system.
The Evaluation Assurance Level (EAL) is a numerical value that indicates the trustworthiness or security of an IT product or system. It is an international scale developed under the Common Criteria (CC), an internationally recognized standard for evaluating the security of IT products.
The EAL, which ranges from 1 to 7 (plus three additional levels 6+, 6, 6+, and 7+), indicates the depth and rigor of the evaluation to confirm that a product or system meets its security requirements. Various security functions and measures are evaluated, such as user identification, access control, data transmission, and system integrity. A technical evaluation by Pentests must be carried out.
The higher the EAL rating, the more comprehensive and rigorous the security audit and the greater the confidence in the security of the product or system. An EAL of 1 represents the lowest level of security testing, while 7+ represents the highest level and must meet the most stringent requirements to ensure a very high level of confidence in security.
The EAL is awarded by independent accreditation bodies or IT security testing organizations according to the Common Criteria guidelines. It serves as an indicator of the security of IT products or systems and can be helpful in deciding whether to use IT solutions. However, the EAL should not be used as the sole criterion for assessing security, as other factors such as implementation and configuration also play an important role.
ISO 15408 is an international standard that describes and defines the Common Criteria (CC). It specifies the requirements for conducting security assessments of IT products and systems and defines the different EAL levels.
ISO 15408 specifies that the EAL rating must be assigned based on the security testing and evaluation performed. It also describes the specific requirements for each EAL level and indicates which security functions and measures must be tested at each level.
ISO 15408 ensures that the EAL rating is awarded consistently and objectively and that it can be used as a reliable indicator of the security of IT products and systems. It is regularly updated to meet ever-changing security requirements.
Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment: