Evaluation assurance level | What is tested | Description |
1 | Functionality | Evaluation provides independent testing against a specification and an examination of the guidance documentation. Used when confidence in correct operation is required but the threats to security are not viewed as serious. |
2 | Structure | Evaluation provides a low to moderate level of independently assured security as required by vendors or users. |
3 | Methodology | Evaluation provides an analysis supported by testing, selective independent confirmation of the vendor test results, and evidence of a vendor search for obvious vulnerabilities. |
4 | Methodology and Design | Evaluation provides a moderate to high level of independently assured security in conventional commodity products. Testing is supported by an independent search for obvious vulnerabilities. |
5 | Semiformal Design | Evaluation provides a high level of independently assured security in a planned development, with a rigorous development approach. The search for vulnerabilities must ensure resistance to penetration attackers with a moderate attack potential. |
6 | Semiformal Verified Design | Used for the development of specialized security products, for application in high risk situations. The independent search for vulnerabilities must ensure resistance to penetration attackers with a high attack potential. |
7 | Formal Design | Used in the development of security products for application in extremely high risk situations. Evidence of vendor testing and complete independent confirmation of vendor test results are. |