• baner CCMODE

Evaluation Assurance Level (EAL)

Written by Super User. Posted in Quick start

Assurance is measured from EAL1 to EAL7. The higher is the level, the higher is the rigour of the security development process and the more details it has to include. EALs are interpreted in the following way:

  • EAL1 – TOE was functionally tested,
  • EAL2 – TOE was structurally tested,
  • EAL3 – TOE was methodically tested and checked,
  • EAL4 – TOE was methodically designed, tested and reviewed,
  • EAL5 – TOE was semiformally designed and tested,
  • EAL6 – TOE was semiformally verified design and tested,
  • EAL7 – TOE was formally verified design and tested.

EALs declared by developers for given IT products are described by specially composed sets of assurance components, called assurance packages. 


Security assurance requirements

Written by Super User. Posted in Quick start

Security assurance requirements are described by means of components. They were divided into 8 classes (see the table below). Each class is divided into families. In the given family there are components which express elementary issues about assurance development.

Class Class name
APE Protection Profile Evaluation
ASE  Security Target Evaluation
ADV  Development
AGD  Guidance Documents
ALC  Life-Cycle Support
ATE  Tests
AVA  Vulnerability Assessment
ACO Composition

Security functional requirements

Written by Super User. Posted in Quick start

In the CC standard security functional requirements are described by means of functional components. The functional components describe IT issues which refer to the requirements laid down for security functions. There are 11 component classes (see the table below), divided into families. The components are made of elements. Each element presents in detail a given issue from the point of view of information technology. The catalogue of functional components is used for modelling the behaviours of security measures (their functionality).

Klasa Nazwa klasy
FAU Security Audit
FCO Communication
FCS Cryptographic Support
FDP User Data Protection
FIA Identification and Authentication
FMT Security Management
FPR Privacy
FPT Protection of the TSF
FRU Resource Utilization
FTA TOE Access
FTP Trusted path/channels

Basic processes of CC methodology

Written by Super User. Posted in Quick start

1. TOE security development

In the process of security development, and on the basis of different security analyses, the Security Target (ST) document is prepared. This document is a set of: security functional requirements, which describe how security measures should work, and security assurance requirements, which tell how much assurance these measures can offer.

2. TOE product development

The process concerns the development of an IT product, including its documentation. The set of security functions, determined in ST, is implemented in the TOE according to the adopted technology and on the assumed EAL.

3. IT security evaluation

The security evaluation process is conducted on the basis of an evaluation scheme developed in a given country. The basic tool for this process is the security evaluation methodology CEM 

About Us

The Institute of Innovative Technologies EMAG is an R&D organization involved in the development and deployment of state-of-the-art devices, systems and technologies.

Contact Us

Łukasiewicz Research Network – Institute of Innovative Technologies EMAG
40-189 Katowice, ul. Leopolda 31
tel. + 48 (32) 2007-805,
e-mail: ccmode@ibemag.pl



Mighty Free Joomla Templates by MightyJoomla