ISA Server 2000 Achieves Common Criteria Certification
Reported by Thomas W Shinder, M.D.
ISA Server 2000 Achieves EAL2 Common Criteria Certification
In September 2003, ISA Server 2000 achieved certification for Common Criteria Evaluation Assurance Level 2 (EAL2).
What does achieving EAL2 Common Criteria certification mean?
Achieving the Common Criteria certification means that ISA Server has been formally evaluated by a Common Criteria certification authority, in this case BSI of Germany. This effort culminated in ISA Server receiving the Common Criteria EAL2 certification. By enabling a complete, transparent analysis of ISA Server 2000 by the Common Criteria's independent auditors, Microsoft continues to make significant investments in building trust in the security of our products.
Where can I find more information on Common Criteria certification?
Common Criteria (CC) is a framework for evaluating and certifying the security of IT products and systems. CC certification is recognized by governments and customers worldwide as a critical measure of quality. CC certification is increasingly used as one of the key criteria in many Requests for Proposals (RFPs) issued by local, federal, and international government agencies, and is also becoming a key differentiator for many private sector industries such as finance and healthcare. ISA Server CC certification, coupled with Windows 2000 Server’s EAL4+ Flaw Remediation Certification, presents a strong case for organizations requiring Common Criteria EAL2 Certification.
Is there a document showing the ISA Server 2000 configuration that achieved the certification?
Yes, you will find the ISA Server configuration at: https://s.microsoft.com/isaserver/code/commoncriteria/msisa_agd_usr.pdf
Will future ISA products be Common Criteria certified?
Yes. Microsoft intends to pursue CC certification for future ISA products, as well as pursuing higher EAL levels. Robust, objective third-party auditing, such as the certification process involved in Common Criteria, is critical for establishing trust in security products. It represents a significant investment, and it is something that all customers should evaluate when making technology purchases. It is Microsoft’s goal to provide rigorous third-party auditing for all Microsoft security products, at a level comparable to or better than that of other vendors. To that end, Microsoft is committed to building on the CC certification achieved by ISA Server 2000.