Windows 2000 Passes Security Test

Microsoft announces that the Windows 2000 platform has been awarded the Common Criteria certification, an internationally recognized ISO standard.

As Microsoft Corp. continues to try and reassure customers about the ongoing security of its products, the Redmond, Wash., software firm on Tuesday said its Windows 2000 platform has been awarded the Common Criteria certification.

The Common Criteria certification is an internationally recognized ISO standard established for evaluating the security of infrastructure technology products.

"This certification is for the broadest set of real-world scenarios yet achieved by any operating system, as defined by the Common Criteria for Information Technology Security Evaluation (CCITSE), and sets a new bar for the industry to hop over going forward," Craig Mundie, Microsofts senior vice president and chief technology officer, said in a media conference call on Tuesday.

The independent evaluation of Windows 2000 was performed by Science Applications International Corp.s Common Criteria testing lab, Mundie said, adding that Microsoft has spent millions of dollars on the certification process. Any user running Windows 2000 with Service Pack 3 is running exactly the same system that was evaluated, he added.

"The evaluation of Windows 2000 goes far beyond that of any other operating system, including multimaster directory services, L2TP/IPSec-based virtual private networking, single sign-on and several other scenarios," Mundie said.

Describing the certification as "a milestone towards Microsofts commitment to provide customers with a secure platform for Trustworthy Computing," Mundie said Microsoft had submitted the Windows 2000 platform to this certification evaluation process to ensure that customers would have an independent, standard validation of the security features of the Windows 2000 platform.

"Whether you are a government or commercial customer, it does provide a level of documentation about configurations and processes that allow people to be better informed about the security of their IT products," he said.

In order to supplement the certification, Microsoft is introducing new resource materials and tools to provide customers with further guidance on the deployment and operations of the Windows 2000 platform in secure network environments.

Microsoft has also started the process to evaluate Windows XP Professional and the upcoming Windows .Net Server 2003 against the Common Criteria but expects the process to take less than the three years Windows 2000 took," Mundie said.

Richard Clarke, who chairs the Presidents Critical Infrastructure Protection Board, said in a statement that the Common Criteria security evaluation enables IT consumers to make informed decisions about the security capabilities of IT products.