Common Criteria Flashcards

1
Q

EAL1

A

Functionally Tested

Description: Applies when some confidence in correct operation is required but where threats to security are not serious. This is of value when independent assurance that due care has been exercised in protecting personal information is necessary.

2
Q

EAL2

A

Structurally Tested

Description: Applies when delivery of design information and test results is in keeping with good commercial practice. This is of value when developers or users require a low to moderate level of independently assured security without the complete development record being available. It is especially relevant when evaluating legacy systems.

3
Q

EAL3

A

Methodically tested and checked

Description: Applies when security engineering begins at the design stage and is carried through without substantial subsequent alteration of sound development practices. This is of value when developers or users require a moderate level of independently assured security, including a thorough investigation of the TOE (Target of Evaluation) and its development.

4
Q

EAL4

A

Methodically designed, tested, and reviewed

Description: Applies when rigorous, positive security engineering and good commercial development practices are used. This does not require substantial specialist knowledge, skills, or resources. It involves independent testing of all the TOE security functions.

5
Q

EAL5

A

Semiformally designed and tested

Description: Uses rigorous security engineering and commercial development practices, supported by moderate application of specialist security engineering techniques, including semi-formal design and testing. This applies when developers or users require a high level of independently assured security in a planned development and need a rigorous development approach without incurring unreasonable cost.

6
Q

EAL6

A

Semiformally verified design and tested

Description: Uses direct, rigorous security engineering techniques at all phases of design, development, and testing to produce a premium TOE. This applies when TOEs for high-risk situations are needed, where the value of the protected assets justifies the additional cost. Extensive testing reduces the risk of penetration, the probability of covert channels, and vulnerability to attack.

7
Q

EAL7

A

Formally verified design and tested

Description: Used only for the highest-risk situations or where high-value assets justify the higher cost. Practical application is limited to TOEs with tightly focused security functionality that is amenable to extensive formal analysis and testing.
