Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Microsoft Windows earns Common Criteria certification

By Elizabeth Montalbano , IDG News Service , 12/14/2005
Newsletter Signup
  • Share/Email
  • Tweet This
  • Comment
  • Print

Several of Microsoft 's Windows platform products have achieved a Common Criteria certification of 4+, a rating that bolsters their profile among government and other vertical-market customers that have high-security needs for IT products, a company spokesman said Wednesday.

Common Criteria is a standard evaluation rating issued by the National Information Assurance Partnership that primarily government customers use to evaluate the security of IT products before making purchasing decisions.

Both 32-bit and 64-bit versions of Windows Server 2003, Standard Edition with Service Pack 1; Windows Server 2003, Enterprise Edition with Service Pack 1; and Windows Datacenter Edition with Service Pack 1 have achieved Common Criteria (CC) Evaluation Assurance Level 4, Augmented with ALC_FLR.3 certification, said Mario Juarez, senior product manager in the Security Technology Unit at Microsoft. The certification is more commonly known as EAL 4+, with the "+" denoting the addition of the ALC_FLR.3 certification, he said.

The highest level of the Common Criteria certification is EAL 7. Other Windows software that has been rated EAL 4+ includes Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (Security Level 3 Protection Profile, Version 1.0); Windows XP Professional with Service Pack 2; and Windows XP Embedded with Service Pack 2.

Juarez said that Microsoft began the evaluation process for the Windows Server 2003 software about two years ago, and tested the products together as an end-to-end platform rather than separately because they typically will be used in that scenario. "If we say a certain security threat is going to hit a system, in our case we're talking about the whole [Windows] platform," he said.

Microsoft had previously reached the EAL 4 rating for Windows Server 2000, but did not test the server operating system with other pieces of software that typically would run with it, Juarez added.

Russ Cooper, editor of the NTBugtraq mailing list and a scientist at security vendor Cybertrust, called Microsoft's achievement of EAL4+ "wonderful," but questioned whether IT administrators and engineers will have to tweak Windows to achieve settings that recreate the operating system scenarios that were evaluated.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed