Microsoft Windows 2000 Awarded Common Criteria Certification
Oct. 29, 2002
Achieves Highest Level of Security Evaluation for the Broadest Set of Real-World Scenarios

ADELPHI, Md., Oct. 29, 2002 — Microsoft Corp. today announced that its Windows® 2000 platform has been awarded the Common Criteria certification for the broadest set of real-world scenarios yet achieved by any operating system as defined by the Common Criteria for Information Technology Security Evaluation (CCITSE). The Common Criteria (CC) certification is a globally accepted standard for evaluating the security features and capabilities of information technology products. Craig Mundie, chief technology officer and senior vice president for advanced strategies and policy at Microsoft, accepted the award today during the Federal Information Assurance Conference at the University of Maryland, College Park.

"The Common Criteria security evaluation enables IT consumers to make informed decisions about the security capabilities of IT products," said Richard Clarke, chair of the President's Critical Infrastructure Protection Board. "The Windows 2000 certification is a great step forward that provides customers in the government and the private sector with a higher level of assurance."

The CC certification is a globally recognized ISO standard (ISO-IEC 15408) established for evaluating the security of infrastructure technology products. Through a multiyear, multimillion-dollar commitment, the Windows 2000 Platform has earned CC certification for Evaluation Assurance Level 4 (EAL4) augmented with ALC FLR 3 (Systematic Flaw Remediation) from the National Information Assurance Partnership (NIAP). In addition, the evaluation of Windows 2000 goes far beyond that of any other operating system to incorporate a number of real-world deployment scenarios including multimaster directory services, L2TP/IPSec-based virtual private networking, single sign-on and several other scenarios.

"Security is a key priority for our customers, and this certification demonstrates our ongoing commitment to deliver more secure systems," Mundie said. "The CC certification achieved by Windows 2000 is a milestone toward the objective of Trustworthy Computing -- and, through our initiative, we continue to improve the inherent security, privacy and reliability of our products and services."

By providing an independent standard for evaluating the security capabilities of IT products, the Common Criteria certification enables customers worldwide to better compare their security requirements with those of other products. The independent, accredited evaluation of Windows 2000 was performed by Science Applications International Corp's. (SAIC) Common Criteria testing lab. SAIC maintains strict standards and conducts rigorous and exhaustive testing at the source-code level to provide certification and ratings for CC certifications.

"Security is a never-ending race between organizations that are investing to protect business-critical systems and the criminals who are becoming more sophisticated in their attacks," said John Pescatore, vice president for Internet security at Gartner. "Our Fortune 500 clients continue to tell us that security is a top concern when purchasing software. While it's unlikely that any computing environment will ever be totally secure, certification to these high levels of independent security testing should be a top criterion for all software purchases."

Microsoft submitted the Windows 2000 platform to the CC certification evaluation process to ensure that customers would have an independent, standard validation of the security features of the Windows 2000 platform. Achieving CC certification demonstrates a milestone toward Microsoft's commitment to provide customers with a secure platform for Trustworthy Computing.

To supplement the CC certification, Microsoft is introducing new resource materials and tools to provide customers with guidance that further simplifies the deployment and operations of the Windows 2000 platform in secure network environments. In addition, Microsoft has begun the process to evaluate Windows XP Professional and Windows .NET Server 2003 against the Common Criteria.

Additional information about the certification of Windows 2000 is available on Microsoft's PressPass Web site at http://www.microsoft.com/presspass/ , http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/cccert.asp , as well as http://www.microsoft.com/security/ and http://www.microsoft.com/windows2000/ .

Founded in 1975, Microsoft (Nasdaq "MSFT" ) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software -- any time, any place and on any device.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft® Web page at http://www.microsoft.com/presspass/ on Microsoft's corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft's Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/presspass/contactpr.asp .

Read More: