On Mon, Feb 22, 2010 at 04:04:39PM +0200, Aram H??v??rneanu wrote:
> Besides what's written above. EAL is meaningless unless you read the
> Protection Profile. EAL is the assurance level *against* the
> protection profile. If your PP specifies only that in your systems,
> users login using passwords you can easily get EAL7, but that would be
> so meaningless...
ITYM s/Protection Profile/Security Target/
Protection Profiles are optional. Security Targets are mandatory and *can*
claim conformance to a PP, but don't need to unless you have a e.g. certain
target market.
Cheerio,
Thomas
--
-----------------------------------------------------------------------------
Thomas Ribbrock http://www.ribbrock.org/
"You have to live on the edge of reality - to make your dreams come true!"
