Evaluation Assurance Levels (EAL)
Evaluation Assurance Levels (EAL) are a numerical grade from 1 to 7 that indicates the depth and rigor of a Common Criteria evaluation. They are defined in ISO/IEC 15408-3 (Part 3: Security assurance components).
Summary: EAL1–EAL7 grade how rigorously a product was evaluated under Common Criteria, not how secure it is; most commercial products target EAL2–EAL4.
Key facts
- Range: EAL1 (functionally tested) through EAL7 (formally verified design and tested)
- Defined in: ISO/IEC 15408-3 (CC Part 3)
- What it measures: Evaluation rigor and evidence depth, not inherent product security
- Most common levels: EAL2 globally, EAL4/EAL4+ in smart card and HSM markets
- Augmentation: “EAL4+” indicates additional assurance components (e.g., AVA_VAN.5, ALC_FLR.2)
- CCRA recognition: Mutual recognition is typically capped at the EAL2 baseline, or at EAL4 for evaluations against specific collaborative Protection Profiles
Quick reference
| Level | Name | Key activities |
|---|---|---|
| EAL1 | Functionally tested | Basic functional testing against documentation |
| EAL2 | Structurally tested | High-level design review, independent testing, basic vulnerability analysis |
| EAL3 | Methodically tested and checked | More structured testing, development environment controls |
| EAL4 | Methodically designed, tested, and reviewed | Source code review, independent vulnerability testing, detailed design analysis |
| EAL5 | Semiformally designed and tested | Semiformal design notation, covert channel analysis |
| EAL6 | Semiformally verified design and tested | Semiformal proof of design correspondence |
| EAL7 | Formally verified design and tested | Formal mathematical verification |
What EAL measures
EAL measures evaluation rigor, not product security. A higher EAL means the evaluator performed more in-depth analysis, reviewed more documentation, and conducted more extensive testing. It does not mean the product is inherently “more secure.”
A simple product at EAL4 and a complex product at EAL2 may offer equivalent real-world security for their respective use cases. The EAL only tells you how confident you can be that the product meets its stated security claims.
EAL augmentation (+)
Certifications described as “EAL4+” include additional assurance components beyond the base level. Common augmentations:
- AVA_VAN.5 - Enhanced vulnerability analysis
- ALC_DVS.2 - Stronger development security controls
- ALC_FLR.2/3 - Flaw remediation procedures
Augmentation lets vendors strengthen specific assurance areas without committing to the full next EAL.
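As an added example (not part of this glossary or of NenkinTracker's code), a small Python parser for the "EAL4+ AVA_VAN.5, ALC_FLR.2" notation used above, plus a procurement check that asks whether a certificate's claim meets a minimum level and required augmentations. It assumes a higher-numbered component in a family satisfies a lower-numbered one (true for the families listed above) and deliberately does not expand components already contained in the base EAL package.

```python
import re
from dataclasses import dataclass

# CC Part 3 assurance component ids look like ACLASS_FAMILY.N, e.g. AVA_VAN.5.
COMPONENT_RE = re.compile(r"^(A[A-Z]{2})_([A-Z]{3})\.(\d+)$")
LEVEL_RE = re.compile(r"^EAL([1-7])(\+)?$")


@dataclass(frozen=True)
class AssuranceClaim:
    eal: int
    augmentations: dict  # family id -> component number, e.g. {"AVA_VAN": 5}


def parse_claim(text: str) -> AssuranceClaim:
    """Parse strings such as 'EAL4+ AVA_VAN.5, ALC_FLR.2' or 'EAL2'.

    A '+' without listed components, or components without a '+', is rejected
    so that inconsistent certificate metadata is flagged instead of accepted.
    """
    parts = [p for p in re.split(r"[\s,]+", text.strip().upper()) if p]
    if not parts:
        raise ValueError("empty assurance claim")
    m = LEVEL_RE.match(parts[0])
    if not m:
        raise ValueError(f"bad EAL token: {parts[0]!r}")
    eal, augmented = int(m.group(1)), m.group(2) == "+"
    comps: dict = {}
    for token in parts[1:]:
        cm = COMPONENT_RE.match(token)
        if not cm:
            raise ValueError(f"bad assurance component: {token!r}")
        family = f"{cm.group(1)}_{cm.group(2)}"
        # Keep the highest component listed for a family.
        comps[family] = max(comps.get(family, 0), int(cm.group(3)))
    if augmented != bool(comps):
        raise ValueError("'+' and listed components must appear together")
    return AssuranceClaim(eal, comps)


def satisfies(claim: AssuranceClaim, min_eal: int, required: dict) -> bool:
    """Procurement check: base level >= min_eal and each required family
    present at the same or a higher component number (assumption: components
    within a family are hierarchical; base-package components are not expanded)."""
    if claim.eal < min_eal:
        return False
    return all(claim.augmentations.get(fam, 0) >= n for fam, n in required.items())
```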
Distribution in practice
- EAL2 - Most common globally; the standard for commercial product certification
- EAL4/EAL4+ - Second most common; strong in smart cards and payment terminals
- EAL5+ - Primarily smart card operating systems and secure microcontrollers
- EAL1, EAL3, EAL6, EAL7 - Comparatively rare
For a detailed guide with practical advice on choosing the right EAL level, see our blog post: Guide to EAL Levels.
Tracking EAL levels
NenkinTracker tracks EAL levels alongside all certification metadata across CCRA member schemes. Filter and compare products by assurance level across BSI, ANSSI, NIAP, and other schemes.
See also
- What is Common Criteria? — the wider framework EAL sits within.
- Protection Profiles (PP) — PP conformance complements EAL when specifying procurement requirements.
- Certification Schemes Overview — how different schemes approach EAL in practice.
- Guide to EAL Levels: What EAL2, EAL4, and EAL5+ Actually Mean — long-form guide with distribution data and procurement advice.