Windows Server 2003 and XP SP2 have achieved Common Criteria EAL4 – here’s a measure of how secure Windows Server 2003 and Windows XP are

Moments ago this information hit the press in the form of a press release and white paper that you can read by clicking here. Please take a look at the white paper to view the full details of this announcement – here is a brief summary…

To quote from the white paper “The independent certification of Microsoft’s end-to-end platform products included the evaluation of more than 20 real-world scenarios or “workloads” by Science Applications International Corp.’s (SAIC’s) accredited Common Criteria testing lab. SAIC adheres to strict standards, and conducts rigorous and exhaustive testing at the source-code level to determine certifications.”

The significance to ME is that this is an INDEPENDENT assessment including RIGOROUS source code assessment OF REAL WORLD SCENARIOS.

The following products have been certified to meet the requirements of Common Criteria EAL 4:

• Microsoft Windows Server™ 2003, Standard Edition (32-bit version) with Service Pack 1
• Microsoft Windows Server 2003, Enterprise Edition (32-bit and 64-bit versions) with Service Pack 1
• Microsoft Windows Server 2003, Datacenter Edition (32-bit and 64-bit versions) with Service Pack 1
• Microsoft Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0)
• Microsoft Windows XP Professional with Service Pack 2
• Microsoft Windows XP Embedded with Service Pack 2

The white paper is pretty interesting (for people interested in information security!) as it explains what Common Criteria IS, the significance of achieving EAL 4, details of our Security Development Lifecycle (SDL), and enhancements made to Visual Studio to help developers to write more secure code from the outset.

The following products achieved the same level of certification (EAL4+) some time ago:

Exchange Server 2003, Internet Security and Acceleration Server (ISA Server) 2004, Microsoft Windows 2000 Professional, and Microsoft Windows 2000 Server and Advanced Server.

Of course for those interested to know “how secure is Windows Server 2003” or “how secure is Windows XP” there’s far more to it than working with software that has achieved Common Criteria EAL4 – it’s how you configure, operate and maintain the system that’s equally important.

Comments (2)

  1. Nik says:

    Congratulations, I know how much effort goes into that sort of thing. It will certainly be appreciated by us HMG contractors, makes our life a lot easier!

    If you get the chance please pass on my thanks to the team involved (for what it’s worth!).

  2. Steve Lamb says:

    Nik> The team did a fantastic job – I’m glad that it will make your life easier. I will pass on your kind words