By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The enterprise operating system has been awarded the Common Criteria for Information Technology Security Evaluation (CCITSE) certification also known as ISO-IEC 15408.
This is a specification used by many governments and large businesses as a security benchmark for their IT systems.
John Pescatore, vice-president for Internet security at Gartner, said: "While it's unlikely that any computing environment will ever be totally secure, certification to these high levels of independent security testing should be a top criterion for all software purchases."
The Windows 2000 validation covers eight categories of application including the core operating system, directory services based on Active Directory, Kerberos for single sign-on, encrypted file systems and virtual private networking. "We've passed more categories than any other operating system," said Stuart Okin, Microsoft's chief security officer.
Windows 2000 has also passed a key test from the US National Information Assurance Partnership (NIAP), which assesses software manufacturers' systems for fixing security holes.
Okin said the evaluations has examined software development processes within Microsoft such as code reviews and patching, together with assessing the security functions within the ten million lines of source code in Windows 2000.
Microsoft is now working to put the Windows .net server and XP client operating system through the accreditation system. "It's an involved process," said Okin. "The Windows 2000 certification took three years and we started when the product was still in development."