Moments ago this information hit the press in the form of a press release and white paper that you can read by clicking here. Please take a look at the white paper to view the full details of this announcement – here is a brief summary…
To quote from the white paper “The independent certification of Microsoft’s end-to-end platform products included the evaluation of more than 20 real-world scenarios or “workloads” by Science Applications International Corp.’s (SAIC’s) accredited Common Criteria testing lab. SAIC adheres to strict standards, and conducts rigorous and exhaustive testing at the source-code level to determine certifications.”
The significance to ME is that this is INDEPENDENT accessment including RIGOROUS source code assessment OF REAL WORLD SCENARIOS.
The following products have been certified to meet the requirements of Common Critera EAL 4 :
• Microsoft Windows Server™ 2003, Standard Edition (32-bit version) with Service Pack 1
• Microsoft Windows Server 2003, Enterprise Edition (32-bit and 64-bit versions) with Service Pack 1
• Microsoft Windows Server 2003, Datacenter Edition (32-bit and 64-bit versions) with Service Pack 1
• Microsoft Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0)
• Microsoft Windows XP Professional with Service Pack 2
• Microsoft Windows XP Embedded with Service Pack 2
The white paper is pretty interesting (for people interested in information security!) as it explains what Common Criteria IS, the significance of achieving EAL 4, details of our Security Development Lifecycle (SDL), and enhancements made to Visual Studio to help developers to write more secure code from the outset.
The following products achieved the same level of certification (EAL4 +) some time ago:
Exchange Server 2003, Internet Security and Acceleration Server (ISA Server) 2004, Microsoft Windows 2000 Professional, and Microsoft Windows 2000 Server and Advanced Server.
Of course for those interested to know “how secure is Windows Server 2003” or “how secure is Windows XP” there’s far more to it than working with software that has achieved Common Criteria EAL4 – it’s how you configure, operate and maintain the system that’s equally important.