Common Criteria Evaluation Assurance Levels - From EAL 1 To EAL 4

‍Common Criteria is a robust framework for evaluating and certifying the security features of IT products, with the Evaluation Assurance Level (EAL) serving as a crucial measure of security evaluation depth and rigor. In this article, we will explore the various Common Criteria security levels and their significance in ensuring the robustness of IT products.

Within the realm of information technology security, Common Criteria (CC) stands as a robust framework for the meticulous evaluation and certification of IT product security features. Central to this framework is the Common Criteria Evaluation Assurance Level (EAL), a pivotal metric that gauges the depth and rigor of security assessments. But how does this comprehensive framework contribute to the trustworthiness and reliability of IT products? What structured approach does Common Criteria bring to the evaluation process? 

‍

What is Common Criteria?

Common Criteria for Information Technology Security Evaluation, commonly known as Common Criteria (CC), is a globally recognized framework and international standard (ISO/IEC 15408) that provides guidelines for independently assessing and certifying the security features of IT products. 

This comprehensive framework serves as a crucial tool for evaluating the trustworthiness and reliability of these products, ensuring that they meet specified security requirements. Common Criteria establishes a structured approach to the evaluation process, defining terminology and outlining techniques for assessing security features. 

It plays a pivotal role in validating that a particular IT system or product, referred to as the Target of Evaluation (TOE), adheres to rigorous and standardized security practices. The certification process involves thorough scrutiny of the TOE's specification, implementation, and cybersecurity evaluation, providing stakeholders with assurance that the product has undergone a robust and repeatable evaluation at a level suitable for its operational environment. Common Criteria is instrumental in enhancing cybersecurity and building trust in IT products across diverse industries.

Understanding Common Criteria Security Levels

EAL1 through EAL7 represents a grading system assigned after a security evaluation based on the Common Criteria, a global standard since 1999. Each ascending EAL level indicates higher assurance requirements that a computer system or product must meet for Common Criteria certification.

The goal is to instill greater confidence in the reliable implementation of the system's principal security features. It's important to clarify that the EAL level itself doesn't measure the inherent security of the system. Instead, it signifies the extent of testing the system underwent. To achieve a particular EAL, products must meet specific assurance requirements, including design documentation, design analysis, functional testing, and penetration testing.

Higher EALs require more detailed documentation, analysis, and testing compared to lower levels. This increased rigor comes at a higher cost and longer time investment. Achieving a higher Common Criteria security level generally involves more financial resources and time compared to achieving a lower one. The EAL number assigned to a certified system signifies the successful completion of all requirements for that specific level of certification.

‍

‍

Common Criteria Security Levels Explained

Protection Profiles and/or Evaluation Assurance Levels must be chosen before starting a Common Criteria evaluation project. The Protection Profile (PPro) defines a standard set of safety requirements for a specific product type, such as a firewall. An Evaluation Assurance Level (EAL) represents how thoroughly a product is tested.

For organizations where developers or users demand moderate to extremely high independently assured security, EAL4+ certifications should be a consideration. This allows high-profile agencies to ensure their products or services can withstand additional security-specific engineering costs, with the value of the protected asset justifying these supplementary expenses.

EAL 1: Minimal Security Focus

At the foundational level of the Common Criteria security, EAL 1 reflects a minimal emphasis on security. Products evaluated at this level primarily undergo functional testing, with security considerations taking a back seat.

This first level is typically reserved for products with no significant security requirements, where the primary concern is the functionality of the system rather than its security features.

EAL 1 serves as a baseline for products that operate in environments where the risk of security threats is negligible. While it provides a basic level of assurance regarding functionality, it is unsuitable for products that handle sensitive or confidential information.

EAL 2: Basic Security Considerations

EAL 2 marks a progression in the importance given to security, although it is still not the primary focus. At this level, the evaluation process involves a closer examination of the design and architecture of the product to identify potential vulnerabilities.

This Common Criteria security level is commonly employed for low-risk systems or products where a basic level of security assurance is necessary, but the threat landscape is not particularly severe.

The emphasis on potential vulnerabilities in the design and architecture at EAL 2 ensures a more thoughtful consideration of Common Criteria security features. While it may not be suitable for susceptible systems, EAL 2 provides a stepping stone toward more comprehensive security evaluations.

‍

‍

EAL 3: Moderate Security Assurance

As we ascend the Common Criteria security Levels, EAL 3 signals a significant increase in security integration into the product evaluation process. Systematic testing and a thorough review of security features become integral components of the evaluation at this level.

EAL 3 is well-suited for products requiring moderate security assurances, such as network appliances operating in environments with mild data sensitivity.

The shift towards systematic testing at EAL 3 ensures a more proactive approach to identifying and mitigating potential security vulnerabilities. This level balances functionality and security, making it appropriate for a broader range of applications.

EAL 4: Heightened Security Measures

EAL 4 represents a substantial leap in security measures. The evaluation at this level includes a comprehensive security assessment encompassing design, testing, and code review. 

This Common Criteria security level is often chosen for products in sectors with heightened security requirements, such as government and defense, where the potential impact of security breaches is significant.

The emphasis on code review and comprehensive security assessments at EAL 4 ensures a more robust defense against potential threats. While the resource investment is higher, the confidence level in the product’s security capabilities also considerably increases.

EAL 5: Formal, Repeatable Security Processes

EAL 5 introduces a formal and repeatable process for security development. This level is typically associated with mission-critical systems where safety assurance is necessary to mitigate potential risks.

The formalization of security processes at EAL 5 ensures consistency and reliability in developing and implementing safety features.

Products at this Common Criteria security level are expected to adhere to rigorous safety standards, making them suitable for applications where the consequences of failures could be severe. EAL 5 signifies a commitment to maintaining high security throughout the product's life cycle.

EAL 6: Formal Verification of Design and Security Mechanisms

EAL 6 represents an even higher level of scrutiny, focusing on formally verifying the product's design and security mechanisms. 

This level is reserved for highly critical systems where security breaches could have catastrophic consequences. The formal verification process ensures that the product's design and security mechanisms meet stringent standards and are less vulnerable.

It is characterized by meticulously examining every aspect of the product’s security features, making it suitable for applications with the highest level of assurance. The investment in resources at this level reflects the critical nature of the systems being evaluated.

EAL 7: The Pinnacle of Assurance

EAL 7 stands as the highest level of assurance within the Common Criteria framework. Products undergoing evaluation at this level undergo formal methods to verify the design and implementation of security functions. This level is reserved for products in the most critical and secure environments, such as national defense systems.

It signifies the utmost commitment to security, ensuring that every aspect of the product's security functions is rigorously tested and verified. Products achieving EAL 7 certification provide the highest confidence level in their ability to withstand sophisticated and determined security threats.

‍

‍

‍

What Should You Consider When Deciding?

Choosing the appropriate Evaluation Assurance Level (EAL) for a product is a strategic decision that goes beyond a simple classification. It requires a thorough understanding of the product, the associated risks, and the desired level of security assurance. Here are key factors to consider when deciding on the right Common Criteria Assurance Level for your product:

1. Resource Allocation‍

One of the critical considerations when deciding on an EAL is resource allocation. Moving from EAL 1 to EAL 4 represents a significant increase in the demand for resources both in terms of time and budget. EAL 4 requires manufacturers to allocate resources for security experts, specialized tools, and extensive documentation. This investment is crucial for conducting a thorough and comprehensive security assessment.

2. Expertise

Higher Evaluation Assurance Levels demand a higher level of security expertise compared to lower levels. Manufacturers aiming for higher levels must have a team well-versed in security design and testing. The evaluation process at this level is more complex, requiring a deep understanding of potential vulnerabilities and implementing robust security measures. Ensuring that the team possesses the necessary expertise is paramount to achieving success at EAL 4.

3. Documentation

All Common Criteria assessments need specific and carefully prepared documentation. Manufacturers must meticulously document the entire security development and testing process. This documentation serves as evidence of compliance with the stringent requirements of this level. The level of detail required ensures transparency and traceability, essential aspects of a robust security certification.

4. Integration Throughout the Software Development Life Cycle

Security should not be an afterthought but an integral part of the development process from the initial design phases to the final implementation. This holistic approach ensures that security measures are effective and seamlessly integrated into the product.

5. Testing Rigor

Rigorous testing is a cornerstone of all Evaluation Assurance Levels. This includes functional and security testing, focusing on identifying vulnerabilities and weaknesses in the product. Manufacturers must be prepared for thorough evaluations, including simulated attacks and comprehensive testing scenarios. Testing rigor ensures the product's security features are robust and capable of withstanding potential threats.

6. Development Timelines

Higher Evaluation Assurance Levels lead to longer development timelines. The integration, testing, and validation of security measures complicate the development process. 

Manufacturers should plan accordingly, considering the potential delays associated with achieving a higher level of security assurance. Careful project management and realistic timelines are crucial to avoiding unexpected setbacks and ensuring the successful delivery of the product.

How Can CCLab Help?

As an agile cybersecurity lab, CCLab extends evaluation and consultation services to organizations interested in Common Criteria Evaluation certifications. The application of agile methodologies throughout the consultation and pre-evaluation process allows clients to sidestep unforeseen complications, extra costs, and delays in the certification journey. 

CCLab is recognized for its ability to achieve remarkably fast project delivery, completing an EAL4+ evaluation project in approximately four months for well-prepared customers, a notable achievement within the industry.

Summary

Common Criteria's Evaluation Assurance Levels (EAL) provide a standardized framework for assessing IT product security. The choice of EAL level is a critical decision that involves balancing security requirements with resource allocation. 

Selecting the right EAL level and a competent evaluation partner like CCLab is crucial for strengthening cybersecurity. As technology advances, the Common Criteria framework remains a cornerstone for ensuring the trustworthiness and security of IT products in an ever-evolving digital landscape.