ISA Server 2006 and Common Criteria EAL4+ Certification

In case you didn't notice...

ISA Server 2006 Standard and Enterprise Editions are now in the process of being evaluated (in “EPL status”) for a Common Criteria EAL4+ certification – the same level at which ISA Server 2004 is certified. The certification is done by the BSI, a German government agency (formally known as the German Federal Office for Information Security) and is recognized by all countries that accept the Common Criteria, including USA, UK and other countries.

Since Common Criteria certification is a long process, EPL status is significant for earlier purchase decisions: It means that the BSI reviewed and approved the detailed scope and content (aka "Security Target") of the certification, reflecting a high level of confidence that the BSI has in the success of the certification.

References:

• Products in the process of evaluation by the BSI are listed on http://www.bsi.bund.de/zertifiz/zert/aktuelle.htm.
  On the page, scroll down to see products in evaluation since products recently certified are listed first, including ISA 2004.
•  Common Criteria portal:
  http://www.commoncriteriaportal.org/
•  For a brief description of the Common Criteria certification see
  http://en.wikipedia.org/wiki/Common_Criteria

Anders Janson

EMEA Technical Lead ISA Server

Microsoft