
CISSP Study Plan – Day 49 of 55 | Common Criteria and Assurance Levels


“Getting close to exam date, my brother! Contact me and we can discuss any last-minute passing advice!!” – Luke Ahmed


Today is Day 49 of Yihenew’s CISSP study plan, focusing on Common Criteria (CC) — one of the most testable topics under Security Engineering and Evaluation Frameworks.

Common Criteria is about trust — verifying that security products actually do what they claim to do. As a CISSP, you’re expected to understand not how to configure a system, but how to evaluate its assurance and confidence level through structured validation.


Key Areas Covered in the CISSP Study Plan

  • Purpose of Common Criteria: A globally recognized framework used to evaluate the security functionality and assurance of IT products and systems.

    • Replaced older standards like TCSEC (Orange Book) and ITSEC.

    • Standardized as ISO/IEC 15408.

  • Core Components:

    1. Target of Evaluation (TOE): The product or system being assessed.

    2. Protection Profile (PP): A reusable set of security requirements for a particular product type (e.g., firewalls).

    3. Security Target (ST): A detailed document describing how the specific TOE meets the chosen Protection Profile.

    4. Evaluation Assurance Level (EAL): The degree of confidence that the TOE’s security claims are valid.

  • Evaluation Assurance Levels (EAL1–EAL7):

    Level (Meaning): Example Use Case

    • EAL1 (Functionally Tested): basic, minimal confidence (e.g., commercial software)

    • EAL2 (Structurally Tested): low assurance, developer cooperation

    • EAL3 (Methodically Tested and Checked): moderate assurance for medium-risk environments

    • EAL4 (Methodically Designed, Tested, and Reviewed): commercially accepted, good security baseline

    • EAL5 (Semiformally Designed and Tested): high assurance for critical systems

    • EAL6 (Semiformally Verified Design and Tested): very high security needs (defense/military)

    • EAL7 (Formally Verified Design and Tested): maximum assurance, mathematically verified

  • Key Insight: EAL does not measure how “secure” a product is — it measures confidence in the evaluation process.


CISSP Exam Tie-In

Expect CISSP questions that test the difference between functionality and assurance. For example:

  • “Which framework validates that a security product meets predefined requirements?” → Common Criteria.

  • “Which EAL represents the highest level of assurance?” → EAL7.

  • “Which component defines the product’s specific security claims?” → Security Target (ST).

CISSP will never ask you to memorize all seven EAL levels — but it will expect you to know their order and purpose.


Quick CISSP Practice Question

Which of the following best describes the purpose of the Evaluation Assurance Level (EAL) in Common Criteria?

A. It measures the strength of the product’s encryption algorithm

B. It defines the level of confidence in the product’s security evaluation

C. It describes the system’s overall performance and efficiency

D. It determines how frequently the system must be audited


Correct Answer: B. It defines the level of confidence in the product’s security evaluation

Explanation: EALs represent the depth and rigor of the evaluation process — not how secure the product is. Higher EALs correspond to more formal and thorough testing, documentation, and verification.


Think Like a Manager: Don’t just trust — verify. A CISSP knows how to balance assurance, cost, and practicality when selecting evaluated products.


Check out Yani's TikTok or see Day 30 or Day 32.


👉 Can you take the Yani Challenge?


55 days of consistent CISSP prep, tackling one domain at a time, using only the resources below:


Course

Luke's CISSP Course (2 months of access, $89.98)

One-to-one Zoom sessions with Luke Ahmed (2 weeks before exam)


Books, Notes, and Practice Questions

Sybex 10th Edition (Around $52.55)



Total Cost: approximately $250 depending on your geographic location. Yani is located in East Africa.


📚 Study Plan (55 Days of Dedication):

- Weekdays: 2–3 hours of focused study—late nights and early mornings (5 AM).

- Weekends: 5–6 hours of deep study sessions.


Pass the CISSP on the first attempt within 100 questions.


Yani's biggest expense was his time, commitment, consistency, and dedication! It was worth it because he passed on his first attempt in 100 questions using the above resources only.


If Yihenew could do it, so can you.


All the best Future CISSP. You can feel free to contact me anytime as well.


Thank you.

Luke Ahmed
