EAL

EAL

An Evaluation Assurance Level (EALEALSecuritySecurity evaluation depth rating (1-7).Click to view →) is a numerical rating from 1 to 7 that indicates the depth, rigor, and formality of a Common Criteria security evaluation. Higher EAL levels require more extensive documentation, more thorough testing, and more formal design verification methods. In the smart card industry, EAL ratings determine whether a chip or card platform can be deployed in payment, government, and telecom applications.

EAL Scale

EAL Augmentation (EAL4+, EAL5+)

Smart card certifications almost always use augmented EAL levels, denoted with a "+" suffix. The augmentation adds specific assurance components — most commonly AVA_VAN.5 (high resistance to attackers with high attack potential). This is critical for smart cards because the physical attack surface requires evaluation of resistance to SPA/DPA power analysis, fault injection, and other side-channel attacks.

For example, an EMVEMVApplicationGlobal chip payment card standard.Click to view → payment chip certified at "EAL4+ AVA_VAN.5" has undergone EAL4 design review plus high-level vulnerability analysis equivalent to EAL6 attack-resistance testing.

Industry Requirements

Evaluation Cost and Timeline

A typical smart card CC evaluation takes 6-18 months and costs $200K-$1M depending on the EAL level and complexity. Chip vendors (NXP, Infineon, Samsung) maintain composite evaluations covering the hardware IC, while card OS vendors (JavaCard implementations) certify the software platform separately. The final card product may receive a composite certificate combining both evaluations.