At Microsoft we are constantly striving to make the computing environment as secure as possible. Part of our commitment to security involves providing products that meet widely-recognized certification requirements. We are happy to announce that Microsoft Windows 7, Microsoft Windows Server 2008 R2 and SQL Server 2008 SP2 32 & 64 bit Enterprise Edition (English) have completed the Common Criteria (CC) certification process and achieved Evaluation Assurance Level 4 with augmentation (EAL4+). Windows 7 and Windows Server 2008 R2 were certified on March 24, 2011. SQL Server 2008 SP2 was certified on February 11, 2011.
In order to become certified, all three products had to go through a series of rigorous security testing protocols set forth by the Common Criteria Recognition Arrangement (CCRA) . The targets of these evaluations support a rich set of real-world features, roles, and scenarios for customers in the international government, military, and intelligence communities.
Common Criteria certification is an international standard for ensuring that IT products conform to stringent security requirements, is recognized by the 26 member nations of the CCRA, and used in procurement requirements by governments around the world. In particular, Common Criteria evaluation of operating systems and database management systems (DBMS) is a mandatory procurement requirement for U.S. defense and national security customers.
The evaluation of Windows 7 and Windows Server 2008 R2 was conducted by SAIC as the CC Test Laboratory (CCTL) and the U.S. Department of Defense (DOD) National Security Agency (NSA) National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS). The Windows 7 and Windows Server 2008 R2 Common Criteria Evaluation and Validation Scheme Validation Report and Security Target are available for download. Windows 7 and Windows Server 2008 R2 were found to be compliant with the “US Government Protection Profile for General-Purpose Operating Systems in a Networked Environment (GPOSPP), version 1.0, 30 August 2010.”
The evaluation of Microsoft SQL Server 2008 SP2 was conducted by TÜViT as the CCTL and the Bundesamt für Sicherheit in der Informationstechnik (BSI), the security certifying department of the German government. SQL Server 2008 SP2 was found to be compliant with the “U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, V1.2, July 25, 2007.” These results are posted on the BSI website as a new certificate.
To learn more about other Windows products that are CC certified, visit our Windows Platform CC page.