Required Application Security Standards

[The AD RMS SDK leveraging functionality exposed by the client in Msdrm.dll is available for use in Windows Server 2008, Windows Vista, Windows Server 2008 R2, Windows 7, Windows Server 2012, and Windows 8. It may be altered or unavailable in subsequent versions. Instead, use Active Directory Rights Management Services SDK 2.1, which leverages functionality exposed by the client in Msipc.dll.]

Poorly designed rights management applications and the data protected by them can be vulnerable to both unintended errors and malicious action. When you apply for a Production License Agreement, Microsoft requires you to attest that your application meets certain standards.

Microsoft has defined minimum, recommended, and preferred standards to help you counter common vulnerabilities. Meeting the recommended and preferred standards is voluntarily. You must attest only that your application meets the minimum standards before you can receive a signed production certificate from Microsoft. Microsoft does not test or review test results related to meeting these standards.

The standards enumerated in the Production License Agreement cover the following common vulnerabilities:

• Theft
• Malicious Software
• Rights Enforcement
• Certificate Use

Related topics

Application Licensing and Best Practices