Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

W O R K S H O P

Certification Security Blanket

July 24, 2003
By Mike Fratto

>> continued from previous page

CC EALs

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Discuss this article
	Flame the author

	In this article
	Introduction
	Something in Common
	CC Glossary
	CC EALs
	Sites to See

• EAL1: The TOE is tested to ensure it does what the vendor claims.

• EAL2: The TOE is tested as in EAL1 and existing vendor documentations of development are examined.

• EAL3: The vendor must show evidence that it has looked for vulnerabilities; the evaluator confirms the vendor results. This level requires more stringent development processes.

• EAL4: In-depth examination of the individual TOE components and product life-cycle management. Evaluator also looks for vulnerabilities.

• EAL5: The formal model describing the TOE and the functional specification are examined, as well as moderate resistance to attack, convert channel analysis and a required modular design.

• EAL6: Analysis of the design and the implementation of the TOE. More in-depth convert channel analysis and stronger development controls. Testing of the product for high resistance to attack.

• EAL7: Formalized testing of the TOE design and functional specification. All vendor tests are independently verified.