EAL Level Comparator
Compare Common Criteria Evaluation Assurance Levels side by side.
How to Use
1. Select two EAL levels to compare
   Choose any two Common Criteria Evaluation Assurance Levels (EAL1 through EAL7, with or without augmentation) from the dropdown menus on each side of the comparison panel.
2. Review the assurance component differences
   The comparator lists all Security Assurance Requirements (SARs) present in each level per ISO/IEC 15408-3, highlighting which components are added, strengthened, or replaced when moving between levels.
3. Check certification applicability by product category
   Review the reference table showing which EAL levels are typically required for smart cards, HSMs, operating systems, and network devices under major national and sector-specific certification schemes.
About
The EAL Level Comparator provides a structured side-by-side analysis of Common Criteria Evaluation Assurance Levels as defined in ISO/IEC 15408-3, the international standard for information technology security evaluation. It is designed for product security architects, procurement officers, and compliance engineers who need to understand what each EAL level requires and what security assurance it provides.
Common Criteria's seven EAL levels differ not in the security functions a product must implement, but in the depth and rigor of the evaluation process used to verify those functions. The comparator maps each level to its constituent Security Assurance Requirements (SARs)—the specific evaluation activities covering documentation, testing, vulnerability analysis, and design review—so you can understand exactly what changes when specifying EAL4 versus EAL5 for a procurement requirement.
For smart card and hardware security module vendors, the comparator also shows which augmented SARs (particularly AVA_VAN.4 and AVA_VAN.5 for vulnerability analysis) are required by major payment network and government ID specifications. Understanding these requirements early in product development prevents the expensive rework of security architectures that do not meet the analysis depth required at higher EAL levels.
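The comparison described above, sketched as an added example (not the comparator's own code). The EAL4 and EAL5 component lists are transcribed from the package tables of CC v3.1 R5 Part 3 and should be checked against the standard; the function names, and the rule that a higher component number within a family is stronger, are assumptions of this example.

```python
# Added example: diff two Common Criteria assurance packages by SAR component.
# Lists transcribed from the EAL4/EAL5 tables of CC v3.1 R5 Part 3 (assumed
# accurate here; check against the standard before relying on them).
AGD = "AGD_OPE.1 AGD_PRE.1"
ASE = "ASE_CCL.1 ASE_ECD.1 ASE_INT.1 ASE_OBJ.2 ASE_REQ.2 ASE_SPD.1 ASE_TSS.1"
PACKAGES = {
    "EAL4": f"ADV_ARC.1 ADV_FSP.4 ADV_IMP.1 ADV_TDS.3 {AGD} ALC_CMC.4 "
            f"ALC_CMS.4 ALC_DEL.1 ALC_DVS.1 ALC_LCD.1 ALC_TAT.1 {ASE} "
            "ATE_COV.2 ATE_DPT.1 ATE_FUN.1 ATE_IND.2 AVA_VAN.3",
    "EAL5": f"ADV_ARC.1 ADV_FSP.5 ADV_IMP.1 ADV_INT.2 ADV_TDS.4 {AGD} "
            f"ALC_CMC.4 ALC_CMS.5 ALC_DEL.1 ALC_DVS.1 ALC_LCD.1 ALC_TAT.2 "
            f"{ASE} ATE_COV.2 ATE_DPT.3 ATE_FUN.1 ATE_IND.2 AVA_VAN.4",
}


def parse(spec):
    """Expand 'EAL4+AVA_VAN.5' into {family: component number}."""
    base, *augmentations = spec.replace(" ", "").split("+")
    if base not in PACKAGES:
        raise ValueError(f"no package data for {base!r}")
    components = {}
    for item in PACKAGES[base].split() + augmentations:
        family, _, number = item.partition(".")
        if not number.isdigit():
            raise ValueError(f"malformed component {item!r}")
        # Augmentation adds a family or raises a component, never lowers one.
        components[family] = max(components.get(family, 0), int(number))
    return components


def compare(left, right):
    """Classify each SAR family by how it changes from left to right."""
    a, b = parse(left), parse(right)
    diff = {"added": {}, "removed": {}, "strengthened": {}, "weakened": {}}
    for family in sorted(a.keys() | b.keys()):
        x, y = a.get(family), b.get(family)
        if x is None:
            diff["added"][family] = y
        elif y is None:
            diff["removed"][family] = x
        elif y != x:
            # Assumption: a higher number in the same family is stronger.
            diff["strengthened" if y > x else "weakened"][family] = (x, y)
    return diff


if __name__ == "__main__":
    print(compare("EAL4", "EAL5"))
    print(compare("EAL4+AVA_VAN.5", "EAL5"))
```

The second comparison shows why augmentation matters when reading a certificate: an EAL4 evaluation augmented with AVA_VAN.5 carries deeper vulnerability analysis than an unaugmented EAL5, even though EAL5 is stronger in design and testing depth.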