Continuing the series on the evaluation components of the Common Criteria standard, this blog page takes a deeper look at the evaluation process and presents the remaining important components involved in it.

Besides the protection profile or the security target, there are other components which are vital to the evaluation process. For instance, the Security Target (ST), like the protection profile, is another document that uniquely identifies the particular security characteristics of the evaluation target. It allows producers and vendors to customize the evaluation process to best fit their requirements and the properties of their respective products. This makes it possible to differentiate within classes of similar products, such as network firewalls or databases, which can be evaluated differently, in accordance with their specific security protocols and the functions they fulfil.

The Security Assurance Requirements (SARs) are a set of descriptions of the various measures taken when the compliance assurance process is applied to the development and evaluation of products, entities or objects. This process compares the characteristics of all products against the declared security functionality and determines whether the required guidelines are respected. The measures include program code packaging, full functional testing, and so on.

The Evaluation Assurance Level (EAL) was designed as a ranking system that describes the depth and rigor of an evaluation process. Each level corresponds to a specific package of security assurance requirements (SARs) that covers the full development process of a given product. This component relies on a strictness level that is imposed at the beginning of the deployment process. There are seven strictness levels, where level 1 is the most basic and level 7 is the most accurate and stringent. Consequently, the cost of implementing a level rises from the most basic to the strictest one.