Talk:Evaluation Assurance Level

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing Low‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Low This article has been rated as Low-importance on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Computing Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Low This article has been rated as Low-importance on the project's importance scale.

Does anyone know if EAL certifications are transferrable to subsequent versions of the same software? IE - if version 1.0 of something holds an EAL 4 certification, does that mean that version 2.0 will hold the same certification or does 2.0 have EAL 0 until it's evaluated?

216.54.146.100 19:07, 27 February 2006 (UTC)No, it won't apply. It's for that configuration only, any changes will need to be recertified. Why windows 2000 only has EAL 4 for SP3[reply]

What is EAL4+?? Seems most devices are trying for EAL4+ these days instead of EAL4

It might be worth noting that one company is currently seeking an eal 6+ certification for an operating system. I'm not sure if its relevant until they actually get (or don't get) the certification, but some readers may be interested. The press release is here: http://www.ghs.com/news/20050419_SAIC.html

I am removing the link to this document in the top of the page: http://web.archive.org/web/20060527063317/http://eros.cs.jhu.edu/~shap/NT-EAL4.html but leving it near the bottom where it's relevant. The issues with this is that it's not a technical paper, and the way it was used is misleading, much mroe so considering that it's out dated and relays the idea that ALL windows needs to be configured with a profile of no networking for EAL 4, while 2K3 has reached EAL 4 with many more profiles than it's 2K brother. And it also ponts out, but in a single line few people see, that Unix and Linux were in the same boat (This isn't actualy true, most unix flavors could never have gotten this ranking at the time, and Linux was still just to early back then) But the biggest issue is that this paper was actualy just propraganda about the writers own OS, EROS. At the time he wrote it, he had just taken his new job at standford, and was pushing EROS as the way to go, as in the paper he said "It is possible to do much better. EROS, a research operating system that we are working on here in the Systems Research Laboratory at Johns Hopkins University, should eventually achieve an EAL7 evaluation rating...", never mentioning what the EAL7 evaluation would be on, in other words, performing the same act he was complaining about before! And he made EAL 4 sound like anyone could get it if you had someone check your paperwork, but that isn't true. If it was, *WHAT* would they be checking in the paperwork? 4.160.246.146 21:40, 28 June 2007 (UTC) (Why the hell did I type all that just to remove one link...)[reply]

On their homepage at <http://www.lynuxworks.com/solutions/security.php>, it is stated that "the new LynxSecure separation kernel from LynuxWorks is the only operating system that supports both Common Criteria EAL-7 and DO-178B level A" and this seems to be in contradiction to the wording in the wikipedia article that "the Tenix Interactive Link Data Diode Device has been evaluated at EAL7 augmented, the only product to do so". —Preceding unsigned comment added by 83.233.18.20 (talk) 08:51, 20 November 2008 (UTC)[reply]

The text describing the levels appears to have been copied from somewhere. I see this material on several other websites. It may be in the standard, but that standard may itself be under a restricted copyright. Any ideas? GreenReaper (talk) 22:26, 6 October 2008 (UTC)[reply]

In http://www.commoncriteriaportal.org/products_OS.html#OS is stated that Microsoft Windows Vista and Windows Server 2008 are EAL1 (not EAL4) certified. I removed those systems from the section about EAL4. Can anyone verify this case further?

They were EAL1 and EAL4 was in evaluation, the source is from when it was still being evaluated. It wasn't updated on the main list but other pages on the site list the current rating. See http://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf "The evaluation determined the Windows Vista and Windows Server 2008 TOE to be Part 2 extended, and to meet the Part 3 Evaluation Assurance Level (EAL 4) augmented with ALC_FLR.3 requirements."

Also see http://blogs.msdn.com/b/timmyers/archive/2009/09/23/windows-vista-and-windows-server-2008-are-common-criteria-certified-at-eal4.aspx 184.10.158.87 (talk) 05:36, 15 May 2013 (UTC)[reply]

http://www.dsd.gov.au/infosec/evaluation_services/epl/network_security/compucat_sos.html is a link to a device that has EAL-7 - a Secure Optical Switch - However Compucat was bought by Raytheon so there is no indication of the current availability of the device (and/or Compucat's other E6 devices) Arffred (talk) 01:23, 15 April 2010 (UTC)[reply]

It seems that FreeBSD isn´t a CC certified operational system, and on recent search i haven´t found indications of a certification. It is known that Apple Mac OS X 10.6 is a operational system based on FreeBSD, and therefore FreeBSD could be considered EAL3+ compatible too? The FreeBSD basis is stated on the certification report^[1] of Mac OS X 10.6, chapter 5.

I recently read about seL4 ( Paper here ), the biggest claim of which is that it is formally verified, which seems to meet EAL7. If so, as the first formally verified kernel it may deserve mention. Can anyone confirm this? One of NICTAs proposals for seL4 Future of Trust in Computing claims that seL4 would meet EAL7 easily. —Preceding unsigned comment added by 69.255.119.79 (talk) 02:42, 11 February 2011 (UTC)[reply]

Hello fellow Wikipedians,

I have just modified one external link on Evaluation Assurance Level. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20060420052906/http://www.microsoft.com/presspass/press/2005/dec05/12-14CommonCriteriaPR.mspx to http://www.microsoft.com/presspass/press/2005/dec05/12-14CommonCriteriaPR.mspx

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 11:03, 25 September 2017 (UTC)[reply]