TCB: The trusted computer base (TCB) is the sum of all the protection mechanisms within a computer and is responsible for enforcing the security policy. This includes hardware, software, controls, and processes.
Read about TCSEC Evaluation Classes.
Read about ITSEC Evaluation Levels.
Evaluation Assurance Level (EAL)
The CC (Common Criteria) has provided 7 predefined assurance packages known as Evaluation Assurance Levels (EALs):
- EAL 1: This assurance level have applications where the threat to security is not serious at now.
- EAL 2: This level is applicable when low to moderate level of independently assured security is required.
- EAL 3: It is suitable for places where a moderate level of security is required.
- EAL 4: Suitable for medium-high levels of security required.
- EAL 5: It is applicable where a high level of independently assured security is required.
- EAL 6: This evaluation level is applicable where assets are valuable, and risks are high. The additional requirements are on analysis, design, development, configuration management.
- EAL 7: This is applicable where assets are highly valuable, and the risks are extremely high. So, the assurance is gained through the application of methods include testing and formal analysis.
Go CISSP’s Home