An Evaluation Assurance Level (EAL) is a security rank assigned to an IT product or system after a Common Criteria (CC) security evaluation. The level indicates to what extent the product or system was tested. A product or system must meet specific assurance requirements to achieve a particular EAL. Requirements involve design documentation, analysis and functional or penetration testing. The highest numerical level provides the highest guarantee that the system's principal security features are reliably applied and tested.
EAL 2: Structurally Tested. Analysis of the security functions using a functional and interface specification and the high level design of the subsystems of the TOE. Independent testing of the security functions, evidence of developer "black box" testing, and evidence of a development search for obvious vulnerabilities. (5)