Ensuring Security Confidence: Common Criteria Certification

Good News

I just finished a post on security since it consistently ranks amongst the top three IT concerns. I found this news released today compelling since it gives assurances that there is a strong commitment to security. This means fewer headaches for you.

According to Charles Kolodgy, research director of Security Products at IDC, “Microsoft continues to build on its Trustworthy Computing progress by attaining Common Criteria certification for Windows platform products. The high level of assurance regarding security capabilities reflected in these certifications, coupled with advances in software quality produced by the Security Development Lifecycle, reflect a deep commitment to security on the part of Microsoft that governments in particular will value and that any organization would be well-advised to consider.”

The Details

A wide range of Microsoft Windows platform products has been awarded Common Criteria (CC) certification – an independent, globally recognized standard for security. CC credentials are impressive since certification is issued by the National Information Assurance Partnership (NIAP), under the International Common Criteria for IT Security Evaluation (ISO Standard 15046). Moreover, the “end-to-end” platform security certifications awarded are unique in the industry. A total solution involves being “certified to perform reliably on a number of real-world computing scenarios. These include such scenarios as Directory Servers, Web Servers, File and Print Servers, and Certificate Servers — scenarios which often require that multiple elements of an operating services platform (e.g., servers, server services, and clients) work together in a seamless fashion.”

Microsoft has achieved the highest level of certification (EAL4) for the following products, and this reflects a longer-term commitment involving prior certifications of their products:

  • Microsoft Windows Server 2003, Standard Edition (32-bit); SP 1
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit and 64-bit versions); SP 1
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit and 64-bit versions); SP 1
  • Microsoft Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0)
  • Microsoft Windows XP, Professional; SP 2
  • Microsoft Windows XP, Embedded; SP 2

Complementing these certifications are the recent certifications awarded for Exchange Server 2003 (EAL 4 + Systematic Flaw Remediation) and ISA Server 2004 (EAL 4 +).

This also ties into the Security Development Lifecycle (SDL), an internal Microsoft initiative over the last several years to ensure security is front-and-center in all development processes. I find this encouraging and it reflects a real commitment to security.

For more information, click on the links:

Certification of Microsoft Windows platform products
SDL Information about the Trustworthy Computing

Thank you,