Microsoft Products Get Security Certified

Microsoft recently took another small step in its Trustworthy Computing initiative by obtaining security certification for a number of updated products.

The offerings that gained Common Criteria certification:

  • Windows Server 2003, Standard Edition (32-bit version) with SP1
  • Windows Server 2003, Enterprise Edition (32-bit and 64-bit versions) with SP1
  • Windows Server 2003, Datacenter Edition (32-bit and 64-bit versions) with SP1
  • Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0)
  • Windows XP Professional with SP2
  • Windows XP Embedded with SP2

    Some earlier versions of those products had already attained CC certification, but without the service pack additions. The announcement hasn’t garnered much media attention, but it should boost Microsoft’s security reputation, which continues to suffer hits over vulnerabilities in Internet Explorer.

    That’s because CC certification is independent of Microsoft. CC is an international consortium of organizations that has established a set of common security standards, which it applies to products that companies submit for testing. If a product meets those standards, it’s awarded CC certification. The higher the certification level, the better the product meets agreed-upon security guidelines. And all products, whether they come from Microsoft, Oracle, CA or another vendor, get tested the same way for the same level. The Microsoft products attained Evaluation Assurance Level (EAL) 4, the top level for operating systems.

    Microsoft compares favorably with other competing OS vendors. For example, Sun Solaris 9 achieved EAL 4; Mac OS X achieved EAL 3; Red Hat Enterprise Linux 3 achieved EAL 2; and SuSE Linux Enterprise Server Version 9, SP2 achieved EAL 3.

  • About the Author

    Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

