What characterizes/differentiates the robustness levels?
At basic robustness, the amount of protection is minimal (either because of the low value of the assets, or of the trustworthiness of the users, or both). There are minimum functionality requirements from the basic robustness Consistency Instruction Manual (CIM) that must be addressed. Assurance is, at a minimum, EAL2 (v2.3) augmented with AVA_MSU.1 and ALC_FLR.2 or EAL2 (v3.1) augmented with ALC_FLR.2.

At medium robustness, the presumed environment is more hostile, or the assets are more valuable, or both. Consequently, the lowest level of functionality is likely not appropriate. There are minimum functionality requirements from the medium robustness CIM that must be addressed. For example, I&A of users will likely have to be performed on the basis of individuals; groups of users will be inadequate. (This will obviously depend upon the technology type of the TOE.) For all cases, medium robustness requires that the TOE provide self-protection and non-bypassability. Ass