ANSWER 158:
According to Article 4 of the Communiqué on the Processes and Technical Criteria Regarding the Registered Electronic Mail System (KAYITLI ELEKTRONİK POSTA SİSTEMİ İLE İLGİLİ SÜREÇLERE VE TEKNİK KRİTERLERE İLİŞKİN TEBLİĞ), published in the Official Gazette dated 25.08.2011, EAL (Evaluation Assurance Level) denotes the evaluation assurance level (Değerlendirme Garanti Düzeyi).
According to Article 10 of the same Communiqué, titled "Documents" (Belgeler), the KEPHS (registered electronic mail service provider) certifies, with documents obtained from authorized institutions or organizations, that its electronic signature creation devices are at a level of at least EAL4+.
http://en.wikipedia.org/wiki/Evaluation_Assurance_Level
The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. The intent of the higher levels is to provide higher confidence that the system’s principal security features are reliably implemented. The EAL level does not measure the security of the system itself; it simply states at what level the system was tested.
To achieve a particular EAL, the computer system must meet specific assurance requirements. Most of these requirements involve design documentation, design analysis, functional testing, or penetration testing. The higher EALs involve more detailed documentation, analysis, and testing than the lower ones. Achieving a higher EAL certification generally costs more money and takes more time than achieving a lower one. The EAL number assigned to a certified system indicates that the system completed all requirements for that level.
Although every product and system must fulfill the same assurance requirements to achieve a particular level, they do not have to fulfill the same functional requirements. The functional features for each certified product are established in the Security Target document tailored for that product’s evaluation. Therefore, a product with a higher EAL is not necessarily “more secure” in a particular application than one with a lower EAL, since they may have very different lists of functional features in their Security Targets. A product’s fitness for a particular security application depends on how well the features listed in the product’s Security Target fulfill the application’s security requirements. If the Security Targets for two products both contain the necessary security features, then the higher EAL should indicate the more trustworthy product for that application.