EAL Evaluation Course

This course will provide a deep dive into a Common Criteria (CC) Evaluation Assurance Level (EAL) 2.

2 hours, 51 minutes

Course description

This course begins with an overview of an EAL evaluation. We'll cover what level of an EAL you will want to have your product evaluated at and why EAL 2 is recommended. We'll discuss selecting an authorizing Common Criteria scheme and the pros and cons of selecting various international authorizing Common Criteria schemes. Once a scheme is decided on, you can get bids from various Common Criteria Testing Labs (CCTLs).


Conduct internal testing, lab testing — What to expect — Final package and getting product officially certified

Video - 00:07:00

Conduct internal testing, assemble the package and get your product officially certified.
FSP (functional specification) and HLD (high-level design)

Video - 00:12:00

A look at functional specification and high-level design.
Guidance documentation & life cycle

Video - 00:11:00

A look at guidance documentation and life cycle.
TOE Summary Specifications, Security Assurance Requirements (SAR) & threats, assumptions and objectives

Video - 00:09:00

Looking at TOE summary specifications, Security Assurance Requirements (SAR) and threats, assumptions and objectives.
Trusted Path/Channels (FTP)

Video - 00:06:00

A look at Trusted Path/Channels (FTP).
Protection of the TSF (FPT) & TOE Access (FTA)

Video - 00:05:00

A look at Protection of the TSF (FPT) & TOE Access (FTA).
Security Management (FMT)

Video - 00:08:00

A look at Security Management (FMT).
Identification and Authentication (FIA)

Video - 00:17:00

A look at Identification and Authentication (FIA).
User Data Protection (FDP)

Video - 00:08:00

A look at User Data Protection (FDP).
Cryptographic Support (FCS)

Video - 00:08:00

A look at Cryptographic Support (FCS).
Security Audit (FAU)

Video - 00:09:00

A look at the Security Audit (FAU).
How to write a Security Target for EAL SFRs

Video - 00:12:00

How to write a Security Target for EAL SFRs.
How to scope your TOE

Video - 00:08:00

How to scope your target of evaluation.
Security Target introduction

Video - 00:11:00

Overview of Security Target (ST) and the ST introduction.
Overview of required EAL vendor documentation

Video - 00:14:00

A high-level overview of EAL vendor documentation required for Common Criteria.
Common Criteria documentation

Video - 00:08:00

A high-level overview of Common Criteria documentation.
EAL evaluation overview

Video - 00:19:00

A high-level overview of an EAL Common Criteria evaluation.

Meet the author

Debra Baker

Debra Baker has over 20 years of information security experience, beginning with her time in the United States Air Force (USAF). After leaving the Air Force, she worked at IBM. She left IBM to work as a PKI integrator at Entrust Technologies. She then moved into governance, risk and compliance when she became a Common Criteria Evaluator at Cygnacom. Her Common Criteria experience continued on the vendor side, providing her expertise to multiple large-scale vendors while at Corsec and then at Cisco while on the Global Certification Team. She founded a new authoritative cryptographic knowledge base called Crypto Done Right which began as a collaboration between Cisco and Johns Hopkins University. 


Debra was recently named as one of the top 100 Women in Cybersecurity in the book Women Know Cyber: 100 Fascinating Females Fighting Cybercrime. She also is a contributor to the Language of Cybersecurity book. She frequently speaks at security conferences. She currently is a Sr Technical Program Manager at RedSeal. She is responsible for all product certifications, including Common Criteria, DOD-UCAPL, FIPS-140, SOC2 and FedRAMP. In addition, she manages large-scale customer deployments and leads an internal threat team that reviews the latest threats and how to defend using RedSeal.


Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust