A number of Microsoft Windows platform products have
achieved high security levels in the Common Criteria IT assurance
scheme.
The products achieved Common Criteria (CC) Evaluation Assurance
Level (EAL) 4+.
Issued by the National Information Assurance Partnership (NIAP),
the assurance scheme is an international standard used, by
government departments in particular, to evaluate IT products and
decide whether they meet security and regulatory requirements. The
highest CC standard is EAL 7, which is rarely met.
Six Windows platforms achieved EAL 4+. These included Windows
Server 2003, Standard Edition (32-bit version) with Service Pack 1;
Windows Server 2003, Enterprise Edition (32-bit and 64-bit
versions) with Service Pack 1; and Windows Server 2003, Datacenter
Edition (32-bit and 64-bit versions) with Service Pack 1.
In addition, Windows Server 2003 Certificate Server, Certificate
Issuing and Management Components (CIMC) (Security Level 3
Protection Profile, Version 1.0); Microsoft Windows XP Professional
with Service Pack 2; and Microsoft Windows XP Embedded with Service
Pack 2 achieved the EAL 4+ accreditation.
The testing for the products was carried out independently by
Science Applications International, an accredited CC testing
organisation. The platforms were tested against more than 20
real-world scenarios.
Charles Kolodgy, an analyst at IDC, said, “The high level of
assurance regarding security capabilities reflected in these
certifications reflects a deep commitment to security on the part of
Microsoft that governments in particular will value, and that any
organisation would be well-advised to consider.”
The certifications join previous Microsoft EAL 4 certifications
for Exchange Server 2003, Internet Security and Acceleration Server
(ISA Server) 2004, Windows 2000 Professional, and Windows 2000
Server and Advanced Server.