In case you didn't notice...
ISA Server 2006 Standard and Enterprise Editions are now in the process of being evaluated (in “EPL status”) for a Common Criteria EAL4+ certification – the same level at which ISA Server 2004 is certified. The certification is done by the BSI, a German government agency (formally known as the German Federal Office for Information Security) and is recognized by all countries that accept the Common Criteria, including
Since Common Criteria certification is a long process, EPL status is significant for earlier purchase decisions: It means that the BSI reviewed and approved the detailed scope and content (aka "Security Target") of the certification, reflecting a high level of confidence that the BSI has in the success of the certification.
Products in the process of evaluation by the BSI are listed on http://www.bsi.bund.de/zertifiz/zert/aktuelle.htm.
On the page, scroll down to see products in evaluation since products recently certified are listed first, including ISA 2004.
Common Criteria portal:
For a brief description of the Common Criteria certification see
EMEA Technical Lead ISA Server