Who is responsible for EAL accuracy?

The key idea is accountability for the accuracy of access authorization data. The EAL (the list of who is authorized to enter a facility or system and at what level) must reflect the true, current approvals. That accuracy rests with the entity that initiates and controls those approvals—the requesting agency. They are the source of truth for who needs access, what level is required, and when permissions change. When the requesting agency provides or updates the authorization data, they ensure the EAL matches real-world authorizations, and they coordinate updates as roles shift or personnel depart. Security force personnel oversee and enforce access, ensuring the right people are admitted and procedures are followed; they don’t own the data that determines who should be on the list. The MRABL administrator maintains the system and its configuration, but the correctness of who is in the EAL comes from the information supplied by the requesting agency. A security guard enforces access at the point of entry but doesn’t manage or validate the underlying authorization data. So, the responsibility for EAL accuracy sits with the requesting agency because they provide and verify the authoritative authorization data that the EAL records reflect.