Common Criteria for Information Technology Security Evaluation (CC) is an international standard (ISO/IEC 15408) used to evaluate the security of IT products and systems. It’s recognized by over 30 countries and is widely used by governments, defense, and enterprises to ensure products meet strict security requirements.
🧱 What is EAL5+?
EAL stands for Evaluation Assurance Level, ranging from EAL1 (least assurance) to EAL7 (highest assurance).
EAL5+ means the product or system has been evaluated at Level 5 with augmented (enhanced) security mechanisms, hence the “+”.
✅ What Does EAL5+ Guarantee?
- Formal design and semi-formal verification of product security
- Rigorous testing under both simulated software and hardware attack scenarios
- Security assurance against sophisticated attackers, including physical access and manipulation
- Independent lab validation under globally agreed criteria
📌 Why is EAL5+ Important?
- Trusted for government-level security (e.g., defense, secure communications)
- Used in banking systems, smart cards, mobile processors, and cryptographic modules
- It indicates a high level of confidence that the product resists advanced attacks
🧠 Example Products with EAL5+ Certification
| Product | Certified EAL Level |
|---|---|
| Samsung Knox Vault | EAL5+ |
| Apple Secure Enclave (in iPhones) | EAL5+ |
| Smart Cards (e.g., ePassports) | EAL5 or EAL5+ |
| Trusted Platform Modules (TPMs) | EAL4+ to EAL5+ |
📖 Summary
- Common Criteria (CC) is the global benchmark for IT security evaluation.
- EAL5+ indicates high resistance to both logical and physical attacks.
- Devices with EAL5+ components, like Samsung Knox Vault or Apple Secure Enclave, offer trusted protection for biometric data, payments, and secure authentication.