{"product_id":10291,"v_id":10291,"product_name":"Microsoft Windows Vista Enterprise; Windows Server 2008 Standard Edition; Windows Server 2008 Enterprise Edition; Windows Server 2008 Datacenter Edition","certification_status":"Not Certified","certification_date":"2009-08-31T00:08:00Z","tech_type":"Operating System","vendor_id":{"name":"Microsoft Corporation","website":"https://www.microsoft.com"},"vendor_poc":"Tim Myers","vendor_phone":"425-707-9422","vendor_email":"timmyers@microsoft.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"

Microsoft Windows Vista and Windows Server 2008 are preemptive multitasking, multiprocessor, and multi-user operating systems.  In general, operating systems provide users with a convenient interface to manage underlying hardware.  They control the allocation and manage computing resources such as processors, memory, and Input/Output (I/O) devices.  Windows Vista and Windows Server 2008 expand these basic operating system capabilities to controlling the allocation and managing higher level IT resources including security principals (user and machine accounts), files, printing objects, services, windowstation, desktops, cryptographic keys, network ports/traffics, directory objects, and web content. Multi-user operating systems such as Windows Vista and Windows Server 2008, keep track of which user is using which resource, grant resource requests, account for resource usage, and mediate conflicting requests from different programs and users.

\r\n

The TOE has been evaluated for the following hardware configurations:

\r\n\r\n

 

\r\n

Windows Vista and Windows Server 2008 are operating systems that supports both workstation and server installations. The evaluation includes four product variants of Windows Vista and Windows Server 2008:

\r\n\r\n

The server products additionally provide Domain Controller (DC) features including the Active Directory and Kerberos Key Distribution Center (KDC).  The server products in the evaluation also provide Internet Information Services (IIS), Certificate Services, HTTP RPC Proxy, File Replication, Directory Replication, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Distributed File System (DFS) service, and Removable Storage Manager.  All variants include the same security features.    The primary difference between the variants is the number of users and types of services they are intended to support.

\r\n

Windows Vista is suited for business desktops and notebook computers (note that only desktops are included in the evaluated configuration); it is the workstation product.  

\r\n

Designed for departmental and standard workloads, Windows Server 2008 Standard delivers intelligent file and printer sharing; secure connectivity based on Internet technologies, and centralized desktop policy management. 

\r\n

 

\r\n

Windows Server 2008 Enterprise differs from Windows Server 2008 Standard primarily in its support for high-performance servers for greater load handling. These capabilities provide reliability that helps ensure systems remain available. 

\r\n

 

\r\n

Windows Server 2008 Datacenter provides the necessary scalable and reliable foundation to support mission-critical solutions for databases, enterprise resource planning software, high-volume, real-time transaction processing, and server consolidation.

\r\n

 

\r\n

The collection of additional features that were not available in a previous Windows operating system CC evaluation, but are included in this evaluation of Windows Vista and Windows Server 2008 are as follows:

\r\n

 

\r\n","evaluation_configuration":null,"security_evaluation_summary":"

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Windows Vista and Windows Server 2008 Target of Evaluation (TOE) was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3.  Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.3, AVA_VLA.3.  The product, when configured as identified in the Microsoft Windows Common Criteria Evaluation Document, version 6, July 29, 2009, satisfies all of the security functional requirements stated in the Windows Vista and Windows Server 2008 Security Target (Version 1.0). The project underwent three Validation Oversight Panel (VOR) panel reviews.  The evaluation was completed in August 2009.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10291-2009, dated 31 August 2009) prepared by CCEVS.

","environmental_strengths":"

Windows Vista and Windows Server 2008 support the following security functions:

\r\n

 

\r\n","features":[]}