Server Products Security Certified

Windows 7, Windows Server 2008 R2, SQL Server 2008 SP2, and Forefront Threat Management Gateway (TMG) 2010 have completed the Common Criteria Certification process, which requires that each product undergo a test protocol set forth by the Common Criteria Recognition Arrangement (CCRA). The Common Criteria Certification ensures that certified products conform to stringent security requirements, and it is recognized by 26 member nations of the CCRA, including Canada, Germany, the U.K., and the U.S. Common Criteria Certification is mandatory before some government agencies, including the U.S. Department of Defense (DOD) and the National Security Agency (NSA), are able to use the products.

Windows 7 and Windows Server 2008 R2 achieved Evaluation Assurance Level 4 with augmentation (EAL4+) on Mar. 24, 2011. The certification indicates that in the view of the independent examiner and validated against a set of implementation-independent security requirements, Microsoft used a design, development, and testing approach that supported the development of a secure product. The certification does not mean there are no vulnerabilities or security bugs in Windows or that merely installing Windows provides a secure environment. It does mean the underlying design supports the development of an OS that could be deployed in a secure manner. The Common Criteria Test Laboratory (CCTL) for both OSs was SAIC, using the DOD, NSA, and National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme.