Definitions

An assurance level is

[a] specific level on a hierarchical scale representing successively increased confidence that a target of evaluation adequately fulfills the requirements.[1]
[t]he Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999.[2]
a level of confidence in the process used to validate and establish the identity of a person attempting to access an information system.[3]
[t]he amount of assurance obtained according to the specific scale used by the assurance method. The amount of assurance obtained generally is related to the effort expended on the activities performed.[4]

Overview

"The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. The intent of the higher levels is to provide higher confidence that the system's principal security features are reliably implemented. The EAL level does not measure the security of the system itself, it simply states at what level the system was tested."[5]

References

  1. Internet Security Glossary, at 11.
  2. Framework for Cyber-Physical Systems, at 6.
  3. Privacy Technical Assistance Center, Assurance Level (full-text).
  4. ISO/IEC WD 15443-1 (Nov. 2001).
  5. Framework for Cyber-Physical Systems, at 6.