Abstract:
The national criteria GB/T 20274 define the set of security technical assurance elements for evaluating information system security technical assurance, and provide security technical assurance metrics at different levels of a capability maturity model. This paper first quantifies the security technical assurance metric levels, then restates information system security technical assurance using mathematical concepts such as vectors and the vector infinity norm, and finally develops an effective algorithm for evaluating the capability maturity levels of information systems in security technical assurance. The simulation shows that the proposed algorithm can effectively realize the security technical assurance evaluation of information systems.