Tuesday afternoon, Microsoft announced that Windows 2000 has received the highest level of security certification of any commercial operating system. The International Organization for Standardization (ISO) awarded Windows 2000 with the Common Criteria (CC) certification for the broadest set of real-world scenarios yet achieved by any operating system as defined by the Common Criteria for Information Technology Security Evaluation (CCITSE). As an international standard that's often a requirement for local, federal, and international government contracts, the CC isn't an easy certification to receive.
"Security is a key priority for our customers, and this certification demonstrates our ongoing commitment to deliver more secure systems," said Craig Mundie, chief technology officer and senior vice president for advanced strategies and policy at Microsoft. "The CC certification achieved by Windows 2000 is a milestone toward the objective of Trustworthy Computing, and, through our initiative, we continue to improve the inherent security, privacy and reliability of our products and services."
Mundie described the certification process as a multi-year, multi-million dollar commitment that involved a number of real-world deployment scenarios. He also noted that Microsoft is submitting Windows XP Professional and Windows .NET Server for CC certification as well, a process that should take less time than did Win2K. "We took work done for Windows 2000 certification and carried it forward because it has a common code base and much of the work that was done doesn't have to be done again," Mundie said.