Evaluation Assurance Levels (EAL) characterize the trustworthiness of an IT system in a security performance. Within the framework of the Common Criteria( CC), the EAL levels are used to determine the security tests.
There are seven EAL levels, labeled 1 through 7, which represent a higher security standard as the number increases. For example, at EAL levels EAL1 and EAL2, systems are tested functionally and structurally. These simple functionality tests do not represent sufficient confidence in the IT security tests. The higher EAL levels EAL3 and EAL4 indicate that the systems have been methodically tested andverified, and the upper EAL levels EAL6 and EAL7 provide the highest security standard with formal logical verification. At these EAL levels, the user of IT equipment can be sure that the security functions have been implemented correctly.
Based on the EAL levels, the security functionalities of programs and systems can be compared. However, when evaluating security performance, the vulnerabilities through which intruders can enter or attacks can be carried out on the system must be analyzed.