Validated Product - Microsoft Windows Rights Management Services (RMS) 1.0 SP2
Certificate Date: 08 August 2007
Validation Report Number: CCEVS-VR-07-0057
Product Type: Sensitive Data Protection
Conformance Claim: EAL4 Augmented with ALC_FLR.3
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
PRODUCT DESCRIPTION
Microsoft Windows Rights Management Services (RMS) 1.0 SP2 is an information protection technology that works with RMS-enabled applications to help safeguard digital information from unauthorized use—both online and offline, inside and outside a firewall. However, the TOE is restricted to use within a closed network environment that is not connected to the Internet. RMS uses Windows Server 2003 features and security technologies, including encryption, certificates and authentication, to help organizations create information protection solutions. RMS provides protection of information through persistent usage policies, which remain with the information, no matter where it goes. RMS is a set of web and operating system services designed to facilitate the management of rights-protected content. While the TOE doesn’t actually store any protected content, it generates certificates and licenses that can be used to encrypt content and enable access to those authorized to use the content. RMS provides the setup steps that enable trusted entities to use rights-protected information. It also handles administration functions. The TOE issues XML-based licenses that define usage rights and conditions to control access to encrypted data. The TOE is supported on Windows Server 2003 as its IT environment. Encrypted data usage rights and conditions that are defined within licenses identify individual authorized users who can view the information and how that information can be used and shared.

SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Microsoft Windows Rights Management Services (RMS) 1.0 SP2 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3.
The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL4 family of assurance requirements, augmented with ALC_FLR.3 (Systematic flaw remediation). The product, when configured as specified in “Windows Rights Management Services (RMS) 1.0 with SP2 Security Configuration Guide”, satisfies all of the security functional requirements stated in the Microsoft Windows Rights Management Services (RMS) Security Target. A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-07-0057), prepared by CCEVS.

ENVIRONMENTAL STRENGTHS
The evaluated configuration of the TOE comprises a Root Certification Server and, optionally, one or more Licensing Servers. The Microsoft-hosted RMS Enrollment Service is also included in the evaluated configuration. Microsoft Windows Rights Management Services (RMS) 1.0 SP2 supports the following security functions:
Vendor Information
Microsoft Corporation
Tim Myers
425-707-9422
425-936-7329 (Fax)
timmyers@microsoft.com