>Ron Luman II replies to Jim Hughes
>
> >> Is it arguable that the difference is minimal. Is there
> >> a more formal description of what can be done with an
> >> EAL3 vs an EAL4 device?
> >
> >If by 'what can be done' you are referring to recommended usage,
> >I'm not aware of any. If you mean functionality, then you
> >might want to re-read the webpage referenced in a previous
> >message. EAL# does not specify functionality, only assurance.
> >In other words, what processes were followed and how rigorously.
> >The Protection Profile is what specifies the functionality.

Ron's description is correct, but may lead to a slight misunderstanding.

As he says, the protection profile specifies the functional requirements, while the EAL# specifies assurance. To be a little more pedantic, the EAL# specifies the *assurance* requirements. When we say that a system has been rated "EAL4" we are saying that the evaluation has met a collection of evaluation requirements that are packaged together in the Common Criteria under the heading of EAL4.

You may occasionally see people talk about "EAL4+" or "EAL4 Augmented" (or, as in the Microsoft case, "CAPP augmented", where CAPP can be replaced by any protection profile). In the case of EAL#, this means that additional evaluation requirements were met beyond those of EAL4. In the case of a protection profile, it means that additional functional requirements were included.

However...

One cannot altogether separate the evaluation requirements from the functional requirements. In certain areas where we have a lot of historical knowledge, the evaluation requirements become fairly precise. For example, there are evaluation requirements on how to evaluate a login authentication system. These have the side effect of implicitly requiring that the corresponding functional requirements have been met.

When CAPP was designed, the authors specified that the highest assurance level that the CAPP functional requirements could support was EAL3. This may have subsequently been revised, but somebody should definitely invite a clarification on this from NIAP (the accrediting body for evaluation groups) on this point.

Having looked at CAPP again, it is unclear to me how an EAL4 evaluation result could properly have been issued. This could well be my misunderstanding, so don't jump to any conclusions yet. The answer could very well lie in the protection profile augmentations that Microsoft did, which I have not examined.

shap
