Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Certification Security Blanket: Page 7 of 9

ST (Security Target): This document provides the environmental context and protection expectations that a TOE supports for an EAL. The ST is written by the vendor and reviewed by the CC evaluator. The ST helps you understand the vendor's claims of what the product features should do and how they should be used. It also gives you some context when you read the Certification Report.

TOE (Target of Evaluation): The product or
subsystem being tested, such as a firewall or
encryption processor. The TOE is described in the ST.

• EAL1: The TOE is tested to ensure it does what the vendor claims.

• EAL2: The TOE is tested as in EAL1 and existing vendor documentations of development are examined.

• EAL3: The vendor must show evidence that it has looked for vulnerabilities; the evaluator confirms the vendor results. This level requires more stringent development processes.

• EAL4: In-depth examination of the individual TOE components and product life-cycle management.
Evaluator also looks for vulnerabilities.