LONDON, May 3, 1999 — The British government last week concluded that the Microsoft Windows NT platform passes muster when it comes to security.
After more than a year of intensive testing, the U.K. Information Technology Security Evaluation Criteria (ITSEC) certification board awarded Windows NT Server 4.0 and Windows NT Workstation 4.0 an E3/FC-2 rating-generally acknowledged as the highest security evaluation possible for a general-purpose operating system. The security standards agency evaluation included examinations of the source code and design documentation of Windows NT 4.0 with Service Pack 3. Testers also had direct access to the engineers who designed and tested the server operating system.
Their conclusion: the Windows NT 4.0 architecture provides robust but flexible security.
“The successful ITSEC evaluation confirms the robust security and design of Windows NT,” said Edmund Muth, group product manager at Microsoft. “The strong security and wide range of security-related features in Windows NT benefit customers in industries where security is a paramount concern, like banking, government, healthcare and the military, and individuals who are concerned about their privacy and e-commerce.”
The comprehensive security architecture in the Windows NT platform provides that level of safety. Its integrated security features include strong authentication, fine-grained access control, real-world auditing tools and secure communications.
Governments and enterprises around the world have already put those features to use.
Last Fall, Brazil used a Windows NT-based network to securely host the largest electronic elections in history. Nearly 90 percent of NATO’s headquarters and field sites in Europe and the United States, all requiring the highest level of security, use a Windows NT-based system to deliver tactical data and military messaging.
And in the private sector, one of New Zealand’s largest banks counts on Windows NT to provide secure banking over the Internet.
The ITSEC rating provides independent confirmation of the platform’s security features. ITSEC is the only evaluation regime recognized by the British government for use in secure and sensitive installations. ITSEC also is officially recognized by the governments of many European Union countries, Canada, the former Soviet republics and, with slight variations, New Zealand and Australia.
The E3/F-C2 evaluation is roughly equivalent to a C2 evaluation under the U.S. Trusted Computer Security Evaluation Criteria (TCSEC) regime, better known as the “Orange Book.” Microsoft is separately pursuing a C2 evaluation for Windows NT 4.0, which should be completed soon.
But security isn’t the only thing this platform offers.
Windows NT Server 4.0, the multipurpose server operating system that forms the foundation of the BackOffice family, offers a comprehensive set of services. From communications and file and print services to a platform for building and hosting Web- and client-server-based applications, Windows NT Server is built to meet the many needs of business.
Windows NT Workstation 4.0, developed specifically for the business environment, makes it easy to use, manage and integrate those features. The operating system gives employees the intuitive look and feel of Windows 98, so companies can cut training costs, and people can work productively right from the start.
The Windows NT platform is also the quickest path to Windows 2000, which is designed to be Microsoft’s most robust and reliable operating system to date. Windows 2000 is also designed with security in mind. Microsoft is taking orders for the Beta 3 versions of Windows 2000 Server and Workstation.
After Microsoft releases Windows 2000, the company plans to submit the operating system for a similar security evaluation under the Common Criteria, a new evaluation system that will consolidate the TCSEC and ITSEC criteria. The results of that review could enhance even further the Windows reputation for providing secure computing.