For details, please see the Future Fed blog post: http://www.futurefed.com/blog/29/microsoft-windows-7-windows-server-2008-r2-and-sql-server-2008-sp2-now-certified-as-common-criteria-validated-products.aspx

Microsoft Windows Vista and Microsoft Windows Server 2008 were Common Criteria (CC) validated on August 31, 2009. The CC conformance claim is Evaluation Assurance Level 4 (EAL4) augmented with flaw remediation ALC_FLR.3 and vulnerability analysis AVA_VLA...

Microsoft Windows 7 and Microsoft Windows Server 2008 R2 formally entered evaluation for Common Criteria Evaluation Assurance Level 4 augmented with flaw remediation (ALC_FLR.3), commonly referred to as EAL4+. The Protection Profile in use is PP_GPOSPP_V7...

Microsoft Windows Server 2003 Web Edition is a proper subset of the Windows Server 2003 editions that were included in the Target of Evaluation (TOE) of several Common Criteria security evaluations. The Web Edition has no more security functions than...

Microsoft Windows Vista and Microsoft Windows Server 2008 received their Common Criteria (CC) certificate on September 23 rd at the 10 th International Common Criteria Conference in Tromsø, Norway. The CC Evaluation Assurance Level is 4 (EAL4+). The target...

Microsoft Windows Server 2008 Hyper-V Role has successfully completed validation against the Common Criteria at Evaluation Assurance Level 4 augmented by ALC_FLR.3 Flaw Remediation (EAL4+). The German Bundesamt für Sicherheit in der Informationstechnik...

Windows Mobile 6.1 with System Center Mobile Device Manager 2008 and System Center Mobile Device Manager 2008 Service Pack 1 (SP1) have been validated at Common Criteria (CC) Evaluation Assurance Level 4 (EAL4). The CC evaluation was conducted by Stratsec...

Q: Does Microsoft plan to evaluate Windows 7 and Windows Server 2008 R2 under CC? A: Microsoft has evaluated every release of the Windows NT product family under Common Criteria, both Client and Server versions, since Windows 2000. It is currently...

The Database Engine of Microsoft SQL Server 2005 SP2, Enterprise Edition (English) Version 9.00.3068.00 was validated/certified as meeting Evaluation Assurance Level 4 Augmented (EAL4+) in a CC evaluation. The certification includes verification of compliance...

Microsoft SQL Server 2000 was validated against the DoD/NSA NCSC Trusted Computer System Evaluation Criteria ( TCSEC ). Its rating was Class C2 . This kind of security evaluation was a predecessor to the Common Criteria (CC). Unfortunately, the DoD/NSA...

No, Windows Storage Server 2003 SP1 has not been certified/validated in a Common Criteria (CC) evaluation. An inspection of the Security Targets and Validation Reports for the following evaluated products should help you determine whether the components...

Microsoft Office SharePoint Server 2007 with DoD Add-On Pack complies with the DoD 5015.02-STD Joint Interoperability Test Command (JITC) Records Management Application (RMA) Design Criteria Standard rather than the Common Criteria. Press http...

The Database Engine of Microsoft SQL Server 2008 Enterprise Edition (English) x86 and x64, Version 10.0.1600.22 was Common Criteria validated / certified at EAL1+ by the BSI in Germany. The certification report and security target are available here:...

It is understood that there are no plans to evaluate the Web Edition of Windows Server 2003 against the Common Criteria (CC). There isn't anything contained in the Web Edition that you can't find in the Standard Edition, Enterprise Edition, or Datacenter...

Microsoft Internet Security & Acceleration (ISA) Server 2006 has been validated and certified to have met Common Criteria Evaluation Assurance Level 4 with augmentation of AVA_VLA.3 and ALC_FLR.3 (EAL4+.) For details, please see the ISA team blog...

Composite Common Criteria evaluations -- those that have a dependency on another CC evaluation, i.e., SQL Server and Windows Server -- can proceed in parallel. It is my understanding from the 8th ICCC that the other component/platform evaluation needn...

Generally, we do not certify every Service Pack (SP), just major product releases. For example, our customers have seen a long term commitment by Microsoft to certify each major release of Windows. If a new SP’s ship date happens to line up with...

The Common Criteria validation of Windows Server 2003 R2 includes IIS as a web server. Please see the Security Target for details: http://www.niap-ccevs.org/cc-scheme/st/vid10184/

Active Directory Federation Services (ADFS) was included in the Common Criteria validation of Microsoft Windows XP and Windows Server 2003 R2. Please see the Security Target (ST) for details: http://www.niap-ccevs.org/cc-scheme/st/vid10184/ Guidance...

Microsoft Windows 2000 Professional, Server, and Advanced Server were Common Criteria certified in 2002. The Security Target, Validation Report, and certificate are available here: http://www.niap-ccevs.org/cc-scheme/st/vid4002/ Although mainstream...

MS Windows XP Embedded, Version 5.1 SP2 has been Common Criteria certified. This gives embedded products a sound basis for the assurance of the platform. I’ve been asked whether SP1 and SP3 have also been certified. They have not and it is understood...

Terminal Services and the RDP protocol were not included in the Target of Evaluation (TOE) of the Windows Server 2003 Common Criteria certification. Although the Windows Server 2003 CC evaluations have covered the richest set of features and services...

Certain draft PKI RFCs and DoD PKI requirements documents refer to the “Trusted System Development Methodology (TSDM) Level 2”, it also goes by other names such as “Trusted Software Development Methodology” and “Trusted Software Methodology”. The actual...

Common Criteria security evaluations and certifications give us some measurable assurance that products such as Microsoft Windows live up to their security claims. Microsoft has successfully completed these and similar security evaluations since Windows...

Can you decipher this message? If so, please send me an email with the answer. NEPUZ PUSBN DGDTN UPJSJ PTNFU