{"product_id":10520,"v_id":10520,"product_name":"Microsoft Windows 8 and Windows Server 2012","certification_status":"Certified","certification_date":"2015-01-09T00:00:00Z","tech_type":"Operating System","vendor_id":{"name":"Microsoft Corporation","website":"https://www.microsoft.com"},"vendor_poc":"Mike Grimm","vendor_phone":"425-703-5683","vendor_email":"wincc@microsoft.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Default\">Windows is a preemptive multitasking, multiprocessor, and multi-user operating system.&nbsp; In general, operating systems provide users with a convenient interface to manage underlying hardware.&nbsp; They control the allocation and manage computing resources such as processors, memory, and input/output (I/O) devices.&nbsp; Windows 8 and Windows Server 2012, collectively referred to as Windows, expand these basic operating system capabilities to controlling the allocation and managing higher level IT resources such as security principals (user or machine accounts), files, printing objects, services, window station, desktops, cryptographic keys, network ports traffic, directory objects, and web content. Multi-user operating systems such as Windows keep track of which user is using which resource, grant resource requests, account for resource usage, and mediate conflicting requests from different programs and users.</p>\r\n<p class=\"Default\">Windows 8 is suited for business desktops and notebook computers. 
It is the workstation product and while it can be used by itself, it is designed to serve as a client within Windows domains.&nbsp;&nbsp;</p>\r\n<p class=\"Default\">Built for workloads ranging from the department to the enterprise to the cloud, Windows Server 2012 delivers intelligent file and printer sharing; secure connectivity based on Internet technologies, and centralized desktop policy management.&nbsp; It provides the necessary scalable and reliable foundation to support mission-critical solutions for databases, enterprise resource planning software, high-volume, real-time transaction processing, server consolidation, public key infrastructure, virtualization, and additional server roles.</p>\r\n<p class=\"Default\">In terms of security, Windows product variants share the same security characteristics. The primary difference is that the Server 2012 products include services and capabilities that are not part of other Windows editions (for example the DNS Server, DHCP Server) or are not installed by default on Server 2012 (for example the Windows Media Player, Windows Aero and desktop themes).</p>","evaluation_configuration":"<p class=\"Default\">The TOE includes the Microsoft Windows 8 operating system, the Windows Server 2012 operating system, supporting hardware, and those applications necessary to manage, support and configure the operating system. 
The TOE includes product variants of Windows 8 and Windows Server 2012:</p>\r\n<ul>\r\n<li>Microsoft Windows 8 Pro Edition (32-bit and 64-bit versions)</li>\r\n<li>Microsoft Windows 8 Enterprise Edition (32-bit and 64-bit versions)</li>\r\n<li>Microsoft Windows Server 2012 Standard Edition </li>\r\n<li>Microsoft Windows Server 2012 Datacenter Edition</li>\r\n</ul>\r\n<p class=\"Default\">All critical security updates published as of October 31, 2013 must be applied to the above products for the evaluated configuration.</p>\r\n<p class=\"Default\">Physically, each TOE tablet, workstation, or server consists of an x86 or x64 architecture.&nbsp; The TOE executes on processors from Intel (x86 and x64) and AMD (x86 and x64).&nbsp;&nbsp; Evaluation testing took place on the following hardware platforms in the operational environment:</p>\r\n<ul>\r\n<li>Microsoft Surface Pro</li>\r\n<li>Dell OptiPlex 755</li>\r\n<li>Dell OptiPlex GX620 </li>\r\n<li>Dell Latitude E6400 </li>\r\n<li>HP XW9300</li>\r\n<li>Dell Precision M6300</li>\r\n</ul>","security_evaluation_summary":"<p class=\"Default\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Microsoft Windows 8 and Windows Server 2012 were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation was conducted in accordance with the requirements of the Common Criteria and Common Methodology for IT Security Evaluation (CEM), version 3.1 (as documented in Part 2 of the <em>General-Purpose Operating System Protection Profile, version 3.9</em> (OSPP)) and assurance activities specified in the GPOSPP. 
The evaluation was consistent with National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) policies and practices as described on their web site (<a href=\"http://www.niap-ccevs.org\">www.niap-ccevs.org</a>). Leidos (formerly Science Applications International Corporation (SAIC)) determined that the TOE satisfies the requirements specified in the OSPP.&nbsp; The product, when delivered and configured as identified in the <em>Microsoft Windows 8. Microsoft Windows Server 2012 Common Criteria Supplemental Admin Guidance, </em>version 1.0, 11 December 2014, satisfies all of the security functional requirements stated in the <em>Microsoft Windows 8 and Windows Server 2012 Security Target,</em> version 1.0, 19 December 2014.</p>\r\n<p class=\"Default\">A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by Leidos. The evaluation was completed in January 2015. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10520-2015), prepared by CCEVS.</p>","environmental_strengths":"<p class=\"Default\">The evaluation of the Microsoft Windows 8 and Windows Server 2012 TOE provides assurance that the security functions implemented by the TOE satisfy the security functional requirements specified in <em>Microsoft Windows 8 and Windows Server 2012</em><em> Security Target</em> and that the guidance documentation describes how to use the TOE in a secure fashion. 
Assurance was achieved by the performance of the assurance activities specified in <em>General Purpose Operating System Protection Profile</em>.</p>\r\n<p class=\"Default\">Microsoft Windows 8 and Windows Server 2012 implement the following security functions:</p>\r\n<ul>\r\n<li><strong>Security Audit:</strong> Windows has the ability to collect audit data, review audit logs, protect audit logs from overflow, and restrict access to audit logs.&nbsp; Audit information generated by the system includes the date and time of the event, the user identity that caused the event to be generated, and other event specific data.&nbsp; Authorized administrators can review audit logs and have the ability to search and sort audit records. Authorized administrators can also configure the audit system to include or exclude potentially auditable events to be audited based on a wide range of characteristics.</li>\r\n</ul>\r\n<ul>\r\n<li><strong>Identification and Authentication (I&amp;A):</strong> Each Windows user must be identified and authenticated based on administrator-defined policy (using password, network authentication token or a certificate on a smartcard) prior to performing any TSF-mediated functions.&nbsp; An interactive user invokes a trusted path in order to protect his I&amp;A information.&nbsp; Windows maintains databases of accounts including their identities, authentication information, group associations, and privilege and logon rights associations.&nbsp; Windows account policy functions include the ability to define the minimum password length, the number of failed logon attempts, the duration of lockout, and password age.</li>\r\n</ul>\r\n<ul>\r\n<li><strong>Security Management:</strong> Windows includes several functions to manage security policies.&nbsp; Policy management is controlled through a combination of access control, membership in administrator groups, and privileges.&nbsp; </li>\r\n</ul>\r\n<ul>\r\n<li><strong>User Data 
Protection:</strong> Windows protects user data by enforcing several access control policies (Discretionary Access Control, Dynamic Access Control, Mandatory Integrity Control, web access and web content publishing access control) and several information flow policies (IPsec filter information flow control, Windows Firewall), as well as object and subject residual information protection.&nbsp; Windows uses access control methods to allow or deny access to named objects, such as files, directory entries, printers, and web content.&nbsp; Windows uses information flow control methods to control the flow of network traffic. Windows authorizes access to these resource objects through the use of security descriptors (an information set that identifies users and their specific access to resource objects), web permissions, network filters, and port mapping rules. Windows also protects user data by ensuring that resources exported to user-mode processes do not have any residual information.</li>\r\n</ul>\r\n<ul>\r\n<li><strong>Cryptographic Protection:</strong>&nbsp; Windows provides FIPS-140-2 validated cryptographic functions that support encryption/decryption, cryptographic signatures, cryptographic hashing, cryptographic key agreement, and random number generation. The TOE additionally provides support for public keys, credential management and certificate validation functions and provides support for the National Security Agency&rsquo;s Suite B cryptographic algorithms. Windows also provides extensive auditing support of cryptographic operations and a key isolation service designed to limit the potential exposure of secret and private keys. In addition to supporting its own security functions with cryptographic support, the TOE offers access to the cryptographic support functions for user application programs. 
Public key certificates generated and used by the TOE authenticate users and machines as well as protect user and system data in transit.</li>\r\n</ul>\r\n<ul>\r\n<li><strong>Protection of TOE Security Functions:</strong> Windows provides a number of features to ensure the protection of TOE security functions.&nbsp;&nbsp; Windows protects against unauthorized data disclosure and modification by using a suite of Internet standard protocols including IPsec, IKE, and ISAKMP.&nbsp; Windows ensures process isolation security for all processes through private virtual address spaces, execution context, and security context.&nbsp; The Windows data structures defining process address space, execution context, memory protection, and security context are stored in protected kernel-mode memory. Windows also includes some self-testing features that ensure the integrity of the executable TSF image and its cryptographic functions.</li>\r\n</ul>\r\n<ul>\r\n<li><strong>Session Locking:</strong> Windows provides the ability for a user to lock their session either immediately or after a defined interval.&nbsp; Windows constantly monitors the mouse and keyboard for activity and locks the workstation after a set period of inactivity.&nbsp; Windows allows an authorized administrator to configure the system to display a logon banner before the logon dialogue.</li>\r\n</ul>\r\n<ul>\r\n<li><strong>Trusted Path:</strong> Windows provides a trusted path for interactive session login as well as an IPsec trusted path when sending TSF data between machines that comprise a Windows deployment.</li>\r\n</ul>","features":[]}