After a nearly three-year process,\u00a0Microsoft\u00a0said Tuesday that its Windows 2000 operating system has been certified as secure through an evaluation process that was developed through the cooperative efforts of 15 national governments worldwide.The certification means Windows 2000 with Service Pack 3 can be used as part of sensitive government security systems without buyers having to get special waivers from the National Security Agency or pass additional testing. Those security systems would be handling sensitive or classified data at government agencies including the Department of Defense and civilian contractors.The certification does not mean the software is now bulletproof, but means the testing has confirmed the code is working as advertised.Microsoft admitted that the certification has no direct implications for non-government users beyond the awareness that the software has passed the test. But the company says that fact is confirmation that the vendor has been working hard on security even before it announced its\u00a0Trustworthy Computing initiative\u00a0in January.\u201cThis is a demonstration that many aspects of the things that lead to trust, security being a notable one, are things that we have paying attention to for some period of time,\u201d said Microsoft CTO Craig Mundie, during a news conference to announce the certification. \u201cFor people who have concerns on an ongoing basis about our level of investment or focus on these questions about all the things that ultimately lead to security in computer systems, this is pretty strong testimony to the level of effort we have been applying.\u201dThe security certification is defined by the Common Criteria for Information Technology Security Evaluation (CCITSE), which is known in government circles as Common Criteria certification. The CC certification is a globally recognized ISO standard for evaluating security features in computer software.Nearly 75 products have passed the CC evaluation. SGI in June of this year had its Trusted IRIX 6.5 and its standard IRIX 6.5 operating system certified. Sun has had two versions of its operating system CC certified. Solaris 8 was certified, as was a "trusted" version with strong access control, security labels and software compartmentalization. Oracle has had versions 7, 8, and 8i of its database evaluated and certified.Those products along with Windows 2000 received an Evaluation Assurance Level 4 (EAL4), which is described as "the highest level at which it is likely to be economically feasible to retrofit to an existing application.\u201d As part of the evaluation, source code is examined and the vendor has to be prepared to \u201cincur additional security-specific engineering.\u201dEAL4 is the highest CC certification level doled out for the 75 products tested to date, and is the highest level that's recognized by all CC country signatories. Above that, vendors are likely to see specific demands from individual countries.Although complex to decipher, the EAL scheme basically says EAL1 is appropriate when requirements for security are \u201cnot serious.\u201d EAL2 ups the ante in asking the product developer for design information and testing \u201cconsistent with good commercial practice.\u201d At EAL3, the product is going to be \u201cmethodically tested and checked\u201d in a CC-accredited lab in a search \u201cfor obvious vulnerabilities.\u201dMundie said the certification process cost Microsoft \u201cmany millons of dollars,\u201d but would not disclose a specific amount. Other companies have reported similar costs.\u00a0 The independent evaluation was performed by the Science Applications International's\u00a0 (SAIC\u2019s) Common Criteria testing lab, which is one of two-dozen certified and accredited to perform the testing.Windows 2000 is the first Microsoft product to be CC certified. Mundie said Windows XP and Windows .Net Server would also be put through the certification process. He said SQL Server, which is currently certified as C2 under the government\u2019s Orange Book system, is not currently slated to be submitted for CC evaluation.Microsoft also went a step further, including certification of a number of services within the operating system including multi-master directory services, L2TP\/IPSec-based virtual private networking, and single sign-on.To supplement the CC certification, Microsoft will introduce resource materials and tools to provide guidance in the deployment and operation of Windows 2000 in secure network environments.The company also received the highest level of Systematic Flaw Remediation certification for Window 2000 as issued by the National Information Assurance Partnership (NIAP). The certification means that the Microsoft Security Response Center (MSRC) meets the requirements for tracking and fixing problems with the software.Microsoft officials say no other company has certified a procedure for ongoing software maintenance.As an international movement, CC has expanded since it began as a collaborative effort by five countries in 1996. Today, 15 nations formally recognize Common Criteria.In the U.S., the mandate to buy CC-evaluated products stems from a directive issued two years ago by the National Security Agency (NSA). The directive called The National Security Telecommunications Information Systems Policy No. 11 (NSTISP#11), primarily affects buying habits in the Department of Defense. But civilian agencies and outside government contractors that process sensitive government data also need to comply.\n\nIn July, NSA ordered that all new national security systems have to run operating systems, applications, firewalls and other security equipment that have passed the stringent testing spelled out in Common Criteria.