Windows 2000 gets security approval

News

Windows 2000 gets security approval

Cliff Saran
Microsoft's "trustworthy computing" campaign has received a major boost with Windows 2000 receiving certification for a major IT security standard.

The enterprise operating system has been awarded the Common Criteria for Information Technology Security Evaluation (CCITSE) certification also known as ISO-IEC 15408.

This is a specification used by many governments and large businesses as a security benchmark for their IT systems.

John Pescatore, vice-president for Internet security at Gartner, said: "While it's unlikely that any computing environment will ever be totally secure, certification to these high levels of independent security testing should be a top criterion for all software purchases."

The Windows 2000 validation covers eight categories of application including the core operating system, directory services based on Active Directory, Kerberos for single sign-on, encrypted file systems and virtual private networking. "We've passed more categories than any other operating system," said Stuart Okin, Microsoft's chief security officer.

Windows 2000 has also passed a key test from the US National Information Assurance Partnership (NIAP), which assesses software manufacturers' systems for fixing security holes.

Okin said the evaluations has examined software development processes within Microsoft such as code reviews and patching, together with assessing the security functions within the ten million lines of source code in Windows 2000.

Microsoft is now working to put the Windows .net server and XP client operating system through the accreditation system. "It's an involved process," said Okin. "The Windows 2000 certification took three years and we started when the product was still in development."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy