Which encryption/evaluation level is described as requiring identity-based authentication in the source material?

Identity-based authentication is described in this context as an access control measure that is validated through a higher level of evaluation and testing. In Common Criteria, EAL 3 represents a level where the security design and its implementation are described in enough detail and subjected to sufficient testing to demonstrate that authenticating users is fundamental to protected operations. This level goes beyond basic functionality and shows that identity verification is integrated into the control of cryptographic functions, with evidence from design documents and testing reports confirming correct implementation. FIPS 140-2 levels focus on the cryptographic module’s physical and operational protections, and while Level 2 introduces some access controls, the source material’s emphasis on authenticated access as part of the evaluation aligns with EAL 3’s scope. Level 1 is too basic and Level 4 is overly stringent and centers more on tamper resistance and extreme physical security than on the authentication approach described. Hence, the requirement described corresponds to the EAL 3 evaluation level.