Validated Product - Windows 2000 Professional, Server, and Advanced Server with SP3 and Q326886 Hotfix

Certificate Date: 25 October 2002

Validation Report Number:

Product Type: Network Management, Operating System, Sensitive Data Protection, VPN

Conformance Claim: EAL4 Augmented with

PP Identifier: Controlled Access Protection Profile, Version 1.d

CC Testing Lab: SAIC Common Criteria Testing Laboratory

Security Target [PDF]
Validation Report [PDF]
CC Certificate [PDF]

PRODUCT DESCRIPTION

The Windows 2000 Target of Evaluation (TOE) is a general-purpose, distributed, network operating system that provides controlled access between subjects and user data objects. Windows 2000 has a broad set of security capabilities including single network logon; access control and data encryption; extensive security audit collection; and Light-weight Directory Access Protocol (LDAP) Directory-based resource management. The Windows 2000 TOE provides the following security services: user data protection, audit, identification and authentication, security management, protection of the TOE Security Functions (TSF), resource quotas and TOE access banners. The Windows 2000 security policies provide network-wide controlled access protection (access control), encrypted data/key protection, and encrypted file protection. These policies enforce access limitations between individual users and data objects. The TOE is capable of auditing security relevant events that occur within a Windows 2000 network. All these security controls require users to identify themselves and be authenticated prior to using any node on the network.

The Windows 2000 ST contains the following additional sections:

  • TOE Description (Section 2) – Provides an overview of the TOE security functions and boundary.
  • Security Environment (Section 3) – Describes the threats, organizational security policies and assumptions that pertain to the TOE.
  • Security Objectives (Section 4) – Identifies the security objectives that are satisfied by the TOE and the TOE environment.
  • IT Security Requirements (Section 5) – Presents the security functional and assurance requirements met by the TOE.
  • TOE Summary Specification (Section 6) – Describes the security functions provided by the TOE to satisfy the security requirements and objectives.
  • Protection Profile Claims (Section 7) – Presents the rationale concerning compliance of the ST with the CAPP.
  • Rationale (Section 8) – Presents the rationale for the security objectives, requirements, and TOE summary specifications as to their consistency, completeness and suitability.

ENVIRONMENTAL STRENGTHS

The evaluation of Windows 2000 provides a moderate level of independently assured security in a conventional TOE and is suitable for the environment specification in this ST. The assurance requirements and the minimum strength of function were chosen to be consistent with this goal and to be compliant with the Controlled Access Protection Profile (CAPP). The TOE assurance level is Evaluation Assurance Level (EAL) 4 augmented with ALC_FLR.3 and the TOE minimum strength of function is SOF-medium.