The IT Law Wiki

Definitions

An assurance level (also level of assurance) is

[a] specific level on a hierarchical scale representing successively increased confidence that a target of evaluation adequately fulfills the requirements.[1]
the level of trustworthiness, or confidence in the reliability of each of the three stages of the digital ID process.[2]
a measure of trust or confidence in an authentication mechanism in terms of four levels: Level 1 - little or no confidence; Level 2 - some confidence; Level 3 - high confidence; Level 4 - very high confidence.[3]
[t]he Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999.[4]
a level of confidence in the process used to validate and establish the identity of a person attempting to access an information system.[5]
[t]he amount of assurance obtained according to the specific scale used by the assurance method. The amount of assurance obtained generally is related to the effort expended on the activities performed.[6]

Overview

"The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. The intent of the higher levels is to provide higher confidence that the system's principal security features are reliably implemented. The EAL level does not measure the security of the system itself, it simply states at what level the system was tested."[7]

References