{"product_id":10540,"v_id":10540,"product_name":"Windows 8 and Windows Server 2012 - BitLocker","certification_status":"Certified","certification_date":"2014-04-07T00:00:00Z","tech_type":"Encrypted Storage","vendor_id":{"name":"Microsoft Corporation","website":"https://www.microsoft.com"},"vendor_poc":"Mike Grimm","vendor_phone":"425-703-5683","vendor_email":"wincc@microsoft.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The Target of Evaluation (TOE) is full disk encryption from the following Windows operating systems that is necessary to comply with the requirements of the <em>Protection Profile for Software Full Disk Encryption</em>, as expressed in the Microsoft Windows 8 and Microsoft Windows Server 2012 <em>Full Disk Encryption Security Target</em>:</p>\r\n<ul>\r\n<li>Microsoft Windows 8 Pro Edition (32-bit and 64-bit versions)</li>\r\n<li>Microsoft Windows 8 Enterprise Edition (32-bit and 64-bit versions)</li>\r\n<li>Microsoft Windows Server 2012 Standard Edition</li>\r\n<li>Microsoft Windows Server 2012 Datacenter Edition.</li>\r\n</ul>\r\n<p>All critical security updates published as of June 2013 must be applied to the above products for the evaluated configuration.</p>\r\n<p>Evaluation testing took place on the following hardware platforms in the operational environment:</p>\r\n<ul>\r\n<li>Microsoft Surface Pro</li>\r\n<li>Dell OptiPlex 755</li>\r\n<li>Dell XPS 8500</li>\r\n<li>Dell Precision 690</li>\r\n<li>Dell Latitude E6400</li>\r\n<li>Dell Latitude E6410</li>\r\n<li>Dell PowerEdge SC1420</li>\r\n</ul>\r\n<p class=\"Body\">The focus of this evaluation is on BitLocker, the full-disk encryption part of the Windows 8 and Windows Server 2012 operating systems.</p>","evaluation_configuration":"","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. 
The criteria against which Windows full disk encryption was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4. Leidos (formerly Science Applications International Corporation (SAIC)) determined that the TOE satisfies the requirements specified in the <em>Protection Profile for Software Full Disk Encryption</em>, Version 1.1, 31 March 2014.&nbsp; The product, when delivered and configured as identified in the <em>Microsoft Windows 8 Microsoft Windows Server 2012 Common Criteria Supplemental Admin Guidance for Software Full Disk Encryption</em>, version 1.0, 3 April 2014, satisfies all of the security functional requirements stated in the <em>Full Disk Encryption Security Target</em>, version 1.0, 3 April 2014.</p>\r\n<p>A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in April 2014. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10540-2014), prepared by CCEVS.</p>","environmental_strengths":"<p>The evaluation of the Microsoft Windows 8 and Microsoft Windows Server 2012 Full Disk Encryption TOE provides assurance that the security functions implemented by the TOE satisfy the security functional requirements specified in the <em>Full Disk Encryption Security Target</em> and that the guidance documentation describes how to use the TOE in a secure fashion. 
Assurance was achieved by the performance of the assurance activities specified in the <em>Protection Profile for Software Full Disk Encryption</em>.</p>\r\n<p>Microsoft Windows 8 and Microsoft Windows Server 2012 Full Disk Encryption implements the following security functions:</p>\r\n<ul>\r\n<li><strong>Cryptographic Protection: </strong>Windows provides FIPS 140-2 validated cryptographic functions that support encryption/decryption, cryptographic signatures, cryptographic hashing, cryptographic key agreement (which is not covered in this evaluation), and random number generation. Public key certificates used by the TOE protect system data at rest.\r\n<ul>\r\n<li><strong>Software-based disk encryption: </strong>Windows implements BitLocker to provide encrypted data storage for fixed and removable volumes and protects a storage volume&rsquo;s encryption key with one or more intermediate keys and authorization factors.</li>\r\n</ul>\r\n</li>\r\n<li><strong>User Data Protection: </strong>In the context of this evaluation, Windows provides encryption of fixed and removable storage volumes.</li>\r\n<li><strong>Identification &amp; Authentication: </strong>In the context of this evaluation, Windows provides the ability to generate, store, and protect authorization factors which provide access to data on encrypted fixed and removable storage volumes.</li>\r\n<li><strong>Security Management: </strong>Windows includes functions to manage storage volume encryption, cipher strength, and authorization factors including local and group security policies for full disk encryption.&nbsp; Policy management is controlled through a combination of access control, membership in administrator groups, and privileges.</li>\r\n<li><strong>Protection of the TOE&rsquo;s Security Functions: </strong>Windows provides a number of features to ensure the protection of TOE security functions.&nbsp;&nbsp; Windows ensures process isolation security for all processes through private virtual address 
spaces, execution context, and security context.&nbsp; The Windows data structures defining process address space, execution context, memory protection, and security context are stored in protected kernel-mode memory. Windows 8 and Windows Server 2012 include self-testing features that ensure the integrity of executable TSF images and Windows cryptographic functions. Finally, Windows provides a trusted update mechanism to update its own binaries.</li>\r\n</ul>","features":[]}