Assurance is measured from EAL1 to EAL7. The higher is the level, the higher is the rigour of the security development process and the more details it has to include. EALs are interpreted in the following way:
- EAL1 – TOE was functionally tested,
- EAL2 – TOE was structurally tested,
- EAL3 – TOE was methodically tested and checked,
- EAL4 – TOE was methodically designed, tested and reviewed,
- EAL5 – TOE was semiformally designed and tested,
- EAL6 – TOE was semiformally verified design and tested,
- EAL7 – TOE was formally verified design and tested.
EALs declared by developers for given IT products are described by specially composed sets of assurance components, called assurance packages.