Windows 2000 gets security approval

News

Windows 2000 gets security approval

Cliff Saran
Microsoft's "trustworthy computing" campaign has received a major boost with Windows 2000 receiving certification for a major IT security standard.

The enterprise operating system has been awarded the Common Criteria for Information Technology Security Evaluation (CCITSE) certification also known as ISO-IEC 15408.

This is a specification used by many governments and large businesses as a security benchmark for their IT systems.

John Pescatore, vice-president for Internet security at Gartner, said: "While it's unlikely that any computing environment will ever be totally secure, certification to these high levels of independent security testing should be a top criterion for all software purchases."

The Windows 2000 validation covers eight categories of application including the core operating system, directory services based on Active Directory, Kerberos for single sign-on, encrypted file systems and virtual private networking. "We've passed more categories than any other operating system," said Stuart Okin, Microsoft's chief security officer.

Windows 2000 has also passed a key test from the US National Information Assurance Partnership (NIAP), which assesses software manufacturers' systems for fixing security holes.

Okin said the evaluations has examined software development processes within Microsoft such as code reviews and patching, together with assessing the security functions within the ten million lines of source code in Windows 2000.

Microsoft is now working to put the Windows .net server and XP client operating system through the accreditation system. "It's an involved process," said Okin. "The Windows 2000 certification took three years and we started when the product was still in development."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy