In the common criteria (CC) for information technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following?
Correct Answer: C
In the Common Criteria (CC) for Information Technology (IT) Security Evaluation, increasing Evaluation Assurance Levels (EAL) results in an increase in resource requirement. CC is an international standard that provides a framework for evaluating the security properties and assurance of IT products and systems. CC defines seven EALs, ranging from EAL1 (the lowest) to EAL7 (the highest), that indicate the depth and rigor of the security evaluation. Higher EALs require more evidence, documentation, testing, analysis, and review of the security functionality and assurance of the IT product or system. Therefore, higher EALs also require more resources, such as time, money, effort, and expertise, to conduct and complete the security evaluation.
Higher EALs do not necessarily result in increased functionality, increased interoperability, or increase in evaluated systems, as these are not the objectives or outcomes of the security evaluation. Functionality refers to the features and capabilities of the IT product or system, which are defined by the security functional requirements (SFRs) in the CC. Interoperability refers to the ability of the IT product or system to work with other products or systems, which are not directly related to the security evaluation. Evaluated systems refer to the number of IT products or systems that undergo the security evaluation, which are determined by the market demand and the availability of the evaluation facilities and schemes. References:
* Common Criteria
* Evaluation Assurance Level
* Common Criteria for Information Technology Security Evaluation