More than three years after the release of Windows NT 4.0, Microsoft Corporation has finally obtained the lucrative C2 level certification for that operating system from the U.S. government. The C2 certification is considered formal verification of the security features in Windows NT 4.0.
To obtain the "Orange Book" C2 certification, which is generally considered to be the highest rating a general-purpose operating system can achieve, Microsoft provided the C2 evaluation team with unprecedented access to Windows NT, including a full review of its source code.
"Customers look to Microsoft to deliver products that are built from the ground up with security in mind," says Microsoft group vice president Jim Allchin. "\[The\] C2 evaluation serves as an incredible proof point to Microsoft's commitment to keeping customers' information secure. We are proud to deliver this significant security milestone to customers today." "This announcement means Microsoft's products are moving forward in a favorable direction that uses our existing Enterprise Agreement now that federal security standards are native in Windows 2000," said Rick Therrien, director of Leading Edge Services for the U.S. Navy CIO office. "The certification helps address barriers to integrating Windows-based networks and applications with smart cards and the DOD Public Key Infrastructure. This means we could develop a migration plan from many Windows NT 4.0-based networks to a Windows 2000-based enterprise, taking full advantage of Microsoft's built-in cryptographic modules."
The C2 certification issue had been somewhat of a black eye for Microsoft since it had been touting the certification for years, despite the fact that its older Windows NT 3.5x system had previously been the only version of NT to be so certified