Hey now this is really great news...Windows 2000 had it with EAL4+Flaw remediation but now we have it with newer products too!
Microsoft is pleased to announce that a wide range of Microsoft Windows platform products have been awarded Common Criteria (CC) certification — an independent, globally-endorsed standard for evaluating the security features and capabilities of information technology products. Microsoft has achieved the highest level of certification (EAL4) for the following products:
· Microsoft Windows Server 2003, Standard Edition (32-bit); SP 1 · Microsoft Windows Server 2003, Enterprise Edition (32-bit and 64-bit versions); SP 1 · Microsoft Windows Server 2003, Datacenter Edition (32-bit and 64-bit versions); SP 1 · Microsoft Windows Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0)
· Microsoft Windows XP, Professional; SP 2 · Microsoft Windows XP, Embedded; SP 2 · Complementing these certifications are the recent certifications awarded for Exchange Server 2003 (EAL 4 + Systematic Flaw Remediation) and ISA Server 2004 (EAL 4 +)
The CC Validation of W2K is great can I assume there has been a delta package put together for R2 submission. The DFS-R stuff will be huge in Govt I predict, and with Financial and State/Local Govt now talking more and more about using products on the EPL (http://www.dsd.gov.au/infosec/evaluation_services/epl/epl.html) this will be topical.
I wonder if I can make that other product I lurve comply by building the components according to the TOE for these Evaluations ;-P
WooHoo SBS 2003 compliant not Certified that will be a trick.. I'll blog it as I do it.