Overview
ADA CASA assurance levels are a way of classifying the security of an application based on the level of assurance that the application is compliant with the CASA requirements. The higher the assurance level, the higher the confidence that the application has implemented the required CASA controls.
All requirements must be satisfied for every level, the only difference between each level is the assessment method that applies. ADA CASA assurance levels provide a way of objectively assessing the security of an application. The higher the assurance level, the higher the confidence that the application has implemented the CASA controls.
Assurance Level (AL)
| AL | Name | Description |
|
2
|
Lab Tested - Lab Verified | During this assessment, the authorized lab will test and validate all CASA requirements. This is a comprehensive assessment that tests the application, the application deployment infrastructure and any user data storage location for compliance with all of CASA requirements (when applicable). Developers can contact one of the ADA authorized labs to complete an AL2 assessment. |
|
1
|
Lab Tested - Lab Verified | AL1 has a lab tested and validated assurance level where developers can contact one of the ADA authorized labs to complete an AL1 assessment. |
Assurance Level Calculation
The framework users (Google..etc) and not the application developer calculate and determine which assurance level is required. CASA recommends the following parameters to calculate the application required assurance level:
-
The sensitivity of the data the application is accessing. Each data type might be given a risk weight to affect the AL calculation.
-
The amount of users per type of data accessed.
-
The company risk tolerance level.
-
External and internal risk indicators.
Revalidation Requirements
All applications must be revalidated every year.