Network Security:
Sometimes commercial products include the fact that they are approved to meet Common Criteria at some specified Evaluated Assurance Level(often EAL 3 or EAL 4) in the product literature. Assuming that this is a true claim (you can verify it by looking at the "evaluated products list" on the National Information Assurance Partnership website), why is this not enough to just say "this product meets our security requirements"? Discuss what else you have to consider before selecting such a product for a system.