Evaluation Assurance Level (EAL)
Assurance is measured from EAL1 to EAL7. The higher is the level, the higher is the rigour of the security development process and the more details it has to include. EALs are interpreted in the following way:
- EAL1 – TOE was functionally tested,
- EAL2 – TOE was structurally tested,
- EAL3 – TOE was methodically tested and checked,
- EAL4 – TOE was methodically designed, tested and reviewed,
- EAL5 – TOE was semiformally designed and tested,
- EAL6 – TOE was semiformally verified design and tested,
- EAL7 – TOE was formally verified design and tested.
EALs declared by developers for given IT products are described by specially composed sets of assurance components, called assurance packages.
Security assurance requirements
Security assurance requirements are described by means of components. They were divided into 8 classes (see the table below). Each class is divided into families. In the given family there are components which express elementary issues about assurance development.
| Class | Class name |
| APE | Protection Profile Evaluation |
| ASE | Security Target Evaluation |
| ADV | Development |
| AGD | Guidance Documents |
| ALC | Life-Cycle Support |
| ATE | Tests |
| AVA | Vulnerability Assessment |
| ACO | Composition |
Security functional requirements
In the CC standard security functional requirements are described by means of functional components. The functional components describe IT issues which refer to the requirements laid down for security functions. There are 11 component classes (see the table below), divided into families. The components are made of elements. Each element presents in detail a given issue from the point of view of information technology. The catalogue of functional components is used for modelling the behaviours of security measures (their functionality).
| Klasa | Nazwa klasy |
| FAU | Security Audit |
| FCO | Communication |
| FCS | Cryptographic Support |
| FDP | User Data Protection |
| FIA | Identification and Authentication |
| FMT | Security Management |
| FPR | Privacy |
| FPT | Protection of the TSF |
| FRU | Resource Utilization |
| FTA | TOE Access |
| FTP | Trusted path/channels |
Basic processes of CC methodology
1. TOE security development
In the process of security development, and on the basis of different security analyses, the Security Target (ST) document is prepared. This document is a set of: security functional requirements, which describe how security measures should work, and security assurance requirements, which tell how much assurance these measures can offer.
2. TOE product development
The process concerns the development of an IT product, including its documentation. The set of security functions, determined in ST, is implemented in the TOE according to the adopted technology and on the assumed EAL.
3. IT security evaluation
The security evaluation process is conducted on the basis of an evaluation scheme developed in a given country. The basic tool for this process is the security evaluation methodology CEM
