Exchange Server 2003 Common Criteria Certification

Security begins with good software code and high-quality testing of that code, and it continues with the process used to identify, correct and update security vulnerabilities, and with third-party auditing based on recognized standards. Because of this, Microsoft submitted Microsoft Exchange Server 2003 for a thorough, independent evaluation based on the new Common Criteria for Information Technology Security Evaluation.

Ratified as an international standard in 1999, the Common Criteria replaces the older evaluation schemes: the US TCSEC, which provided the well-known "C2" rating, and the European ITSEC. The nations that embrace the Common Criteria believe that it will improve the availability of security-enhanced IT products, help customers evaluate IT products when making software purchase decisions, and contribute to higher levels of consumer confidence in IT product security.

This paper provides an overview of the Common Criteria, the benefits of certification, the Exchange Server 2003 scenarios that have been certified, and resources available to help customers configure and administer an Exchange Server 2003 environment that is secured in accordance with the Common Criteria for Information Technology Security Evaluation.

https://www.microsoft.com/technet/prodtechnol/exchange/2003/e2k3cc.mspx