Internet Security and Acceleration (ISA) Server 2006 is Common Criteria Evaluated

I am very excited to announce to the community that we have completed our Common Criteria evaluation of ISA Server 2006 for both the Standard and Enterprise Editions. We started this evaluation during the development cycle of ISA 2006 and the evaluation and associated certification are now complete. Microsoft Internet Security & Acceleration (ISA) Server 2006 has achieved Common Criteria Evaluation Assurance Level 4+ (EAL 4 with augmentation of AVA_VLA.3 and ALC_FLR.3). Level 4 is the highest level possible that is mutually recognized by all countries participating in CC certification. The augmentation of AVA_VLA.3 and ALC_FLR.3 are to validate vulnerability analysis and flaw remediation respectfully. A copy of the actual certificate is available for download on our web site at and you can also confirm the certification status on the German BSI site at:

This level of recognition provides the deepest evaluation and testing possible from an independent testing laboratory. We have continued to test and certify additional criteria beyond the base level with ISA 2006 like our preceding products. We listen to our customer feedback closely and we have continued to perform the most rigorous security testing and evaluation possible to meet our customer requirements in even the most sensitive IT environments. You can find more information on this achievement and associated documentation on the ISA Server web site at:



David B. Cross

Product Unit Manager

Forefront TMG