The U.S. government’s National Information Assurance Partnership has awarded certain versions of Windows XP and Windows Server 2003 its Common Criteria security certification, Microsoft said this week.
The operating system software has received Evaluation Assurance Level (EAL) 4 certification, Microsoft said. Such certification can be important for government and other organizations when making buying decisions. Windows was certitified in “20 real-world scenarios” that each involved specific configurations, a Microsoft representative said. In other words, the out-of-the-box Windows installation wasn’t certified.
EAL 4 is not the highest level of CC certification–the highest level is 7–but it is the appropriate level for commonly used software such as an operating system, according to Microsoft. “EAL levels 5-7 are targeted toward the evaluation of products built with specialized security engineering techniques. As such, these levels are generally less applicable to products built with wide commercial applications in mind,” the Microsoft representative said.
This isn’t the first time that Windows received CC certification. Windows 2000 was also certified. Other operating systems, including Red Hat’s Linux and Novell’s SuSE Linux have also been certified.
This week’s certification announcement covered:
– Microsoft Windows Server 2003, Standard Edition (32-bit version) with Service Pack 1.
– Microsoft Windows Server 2003, Enterprise Edition (32-bit and 64-bit versions) with Service Pack 1.
– Microsoft Windows Server 2003, Datacenter Edition (32-bit and 64-bit versions) with Service Pack 1.
– Microsoft Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0).
– Microsoft Windows XP Professional with Service Pack 2
– Microsoft Windows XP Embedded with Service Pack 2.
News source: News