Which evaluation framework is used internationally to evaluate security products and produces results expressed as Evaluation Assurance Levels (EAL1–EAL7)?
A CISSP practice question covering Domain 3: Security Architecture and Engineering. Try answering before reading the explanation below.
Show options & answer
Why "Common Criteria (ISO/IEC 15408)" is the right answer
Common Criteria is the international successor to TCSEC and ITSEC, and it grades products on EAL1 through EAL7. FIPS 140-3 is specifically for cryptographic modules, not general products.
Study videos for this topic
Want to go deeper on Domain 3? Watch the full breakdown — every video is free, no account, no upsell.
CISSP Domain 3: Bell-LaPadula vs Biba (No More Mix-Ups)
Domain 3 — Security Architecture and Engineering
CISSP Domain 3: TPM, Reference Monitor, and TCB
Domain 3 — Security Architecture and Engineering
CISSP Domain 3: Cloud, ICS, IoT & Container Vulnerabilities
Domain 3 — Security Architecture and Engineering
CISSP Crypto: Which Key for Privacy vs Signing?
Domain 3 — Security Architecture and Engineering
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.