Microsoft Announces Government Security Program

REDMOND, Wash., Jan. 14, 2003 — National governments and their principal agencies face more serious security threats than other technology consumers do. In matters ranging from national defense to protection of citizens’ personal data, national governments must place security at the forefront of their information technology requirements. Recognizing this, Microsoft Corp. today announced the Government Security Program (GSP), a global initiative that provides national governments with controlled access to Microsoft® Windows®
source code and other technical information they need to be confident in the enhanced security features of the Windows platform. The GSP is one integral element in Microsoft’s efforts to address the unique security requirements of governments and international organizations throughout the world. NATO has signed a GSP agreement as well as Atlas, as authorized by the Federal Agency for Governmental Communication and Information (FAGCI) in Russia. Additionally, the company is in discussions with more than 20 countries about their interest in the program. Participation in the GSP will be disclosed at the discretion of each government signatory, and Microsoft is committed to honoring confidentiality where necessary.

“IT security is a chief concern, and the unavailability of source code and other technical information and the lack of partnership opportunities limited the desire of governmental authorities of the Russian Federation to use Microsoft products,” said Boris Girichev, general director of Atlas, which was authorized by the Federal Agency for Governmental Communication and Information (FAGCI) to sign the GSP agreement with Microsoft. “This agreement is a significant step forward in addressing our IT security requirements. It better enables governmental authorities of the Russian Federation to deploy and maintain secure computing infrastructures.”

While some Microsoft source-licensing programs are available to everyone, the Government Security Program is tailored to the specialized security requirements of governments. The GSP is a no-fee initiative that enables program participants to review Windows source code using a code review tool (subject to certain license restrictions). In addition to source access, the GSP provides for the disclosure of technical information about the Windows platform, enhancing governments’ ability to build and deploy computing infrastructures with strong security technologies in place. The program also promotes increased communication and collaboration between Microsoft security professionals and program participants, providing opportunities to visit Microsoft development facilities in Redmond and review various aspects of Windows source-code development, testing and deployment processes; discuss existing and potential projects with Microsoft security experts; and generally interact with and provide feedback directly to Microsoft staff.

The Government Security Program is a crucial element of Microsoft’s efforts to address the unique requirements of governments around the world. In 2001, Microsoft launched the Shared Source Initiative, expanding its long-standing efforts to make Windows source code more transparent to trusted partners and customers. In 2002, the company announced its Trustworthy Computing initiative, placing security at the core of all Windows development efforts.

The GSP also supports and builds on the Common Criteria (CC) certification, a globally accepted independent standard for evaluating the security features and capabilities of information technology products. Windows 2000 achieved CC certification last October for the broadest set of real-world scenarios yet achieved by any operating system, as defined by the Common Criteria for Information Technology Security Evaluation (CCITSE). Whereas the CC certification provides a common set of requirements that enable customers worldwide to objectively evaluate the security functions of IT products and systems, the GSP takes this a step further by providing national governments with the information they need to conduct robust security analyses and audits of Microsoft’s Windows products.

“At Microsoft, we view governments that utilize our software as trusted partners. The Government Security Program will provide governments with the opportunity to assess the security and integrity of the Microsoft products they deploy. In talking with government customers, we’ve been told this is a key capability that they need and we responded,” said Craig Mundie, chief technology officer and senior vice president for advanced strategies and policy at Microsoft. “In addition to source code access we are providing technical documentation, methods for troubleshooting, access to cryptographic tools subject to export controls, and access to Microsoft expert support technicians who can collaborate with governments on how they use this source code access.”

Additional information about the GSP is available on Microsoft’s PressPass Web site at More information about Microsoft’s Shared Source Initiative, Trustworthy Computing program and the Common Criteria certification awarded to Windows 2000 can be found at and

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at on Microsoft’s corporate information pages. Web links, telephone numbers and titles were correct at time of publication, but may since have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at .

Related Posts