PrepAway - Latest Free Exam Questions & Answers

Which statement below is accurate about Evaluation Assurance Levels (EALs) in the Common Criteria (CC)?


A. A security level equal to the security level of the objects to which the subject has both read and
write access

B. Requirements that specify the security behavior of an IT product or system

C. A statement of intent to counter specified threats

D. Predefined packages of assurance components that make up security confidence rating scale

Explanation:
An Evaluation Assurance Level (EAL) is one of seven increasingly rigorous packages of assurance
requirements from CC Part 3. Each numbered package represents a point on the CC's predefined
assurance scale. An EAL can be considered a level of confidence in the security functions of an IT
product or system. The EALs have been developed with the goal of preserving the concepts of
assurance drawn from the source criteria, such as the Trusted Computer System Evaluation Criteria
(TCSEC), Information Technology Security Evaluation Criteria (ITSEC), or Canadian Trusted Computer
Evaluation Criteria (CTCPEC), so that results of previous evaluations remain relevant. EAL levels 2–7
are generally equivalent to the assurance portions of the TCSEC C2-A1 scale, although exact TCSEC
mappings do not exist.

* Answer “A security level equal to the security level of the objects to which the subject has both
read and write access” is the definition of Subject Security Level. A subject's security level is
equal to the security level of the objects to which it has both read and write access. A subject's
security level must always be dominated by the clearance of the user with which the subject is
associated.

* Answer “A statement of intent to counter specified threats” describes a Security Objective, which
is a statement of intent to counter specified threats and/or satisfy specified organizational
security policies and assumptions.

* Answer “Requirements that specify the security behavior of an IT product or system” describes
Security Functional Requirements. These are requirements, preferably from CC Part 2, that when taken
together specify the security behavior of an IT product or system.

Source: CC Project and DoD 5200.28-STD.

