A number of Microsoft Windows platform products have achieved high security levels in the Common Criteria IT assurance scheme.
The products achieved Common Criteria (CC) Evaluation Assurance Level (EAL) 4 +.
Issued by the National Information Assurance Partnership (NIAP), the assurance scheme is an international standard used by government departments in particular, to evaluate IT products and decide whether they meet security and regulatory requirements. The highest CC standard is EAL 7, which is rarely met.
Six Windows platforms achieved EAL 4 +. These included Windows Server 2003, Standard Edition (32-bit version) with Service Pack 1; Windows Server 2003, Enterprise Edition (32-bit and 64-bit versions) with Service Pack 1; and Windows Server 2003, Datacenter Edition (32-bit and 64-bit versions) with Service Pack 1
In addition, Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0); Microsoft Windows XP Professional with Service Pack 2; and Microsoft Windows XP Embedded with Service Pack 2 achieved the EAL 4 + accreditation.
The testing for the products was carried out independently by Science Applications International, an accredited CC testing organisation. The platforms were tested against more than 20 real-world scenarios.
Charles Kolodgy, an analyst at IDC, said, “The high level of assurance regarding security capabilities reflected in these certifications reflect a deep commitment to security on the part of Microsoft that governments in particular will value, and that any organisation would be well-advised to consider.”
The certifications join previous Microsoft EAL 4 certifications for Exchange Server 2003, Internet Security and Acceleration Server (ISA Server) 2004, Windows 2000 Professional, and Windows 2000 Server and Advanced Server.