{"product_id":10620,"v_id":10620,"product_name":"Microsoft Windows 8 and Windows RT","certification_status":"Certified","certification_date":"2015-01-09T00:00:00Z","tech_type":"Operating System","vendor_id":{"name":"Microsoft Corporation","website":"https://www.microsoft.com"},"vendor_poc":"Mike Grimm","vendor_phone":"425-703-5683","vendor_email":"wincc@microsoft.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"

Windows is a preemptive multitasking, multiprocessor, and multi-user operating systems.  In general, operating systems provide users with a convenient interface to manage underlying hardware.  They control the allocation and manage computing resources such as processors, memory, and input/output (I/O) devices.  Windows 8 and Windows RT, collectively referred to as Windows, expand these basic operating system capabilities to controlling the allocation and managing higher level IT resources such as security principals (user or machine accounts), files, printing objects, services, window station, desktops, cryptographic keys, and network ports traffic. Multi-user operating systems such as Windows keep track of which user is using which resource, grant resource requests, account for resource usage, and mediate conflicting requests from different programs and users.

\r\n

Windows 8 is suited for business desktops and notebook computers. It is the workstation product.  

\r\n

Windows RT is a new Windows-based operating system that is optimized for thin and light PCs that have extended battery life and are designed for mobile use. Windows RT only runs built-in apps or apps that are downloaded from the Windows Store. Windows Update automatically keeps your PC up to date. Windows RT client computers cannot be connected to a Windows domain.

\r\n

In terms of security, Windows product variants share the same security characteristics.

","evaluation_configuration":"

The TOE includes the Windows 8 operating system, the Microsoft Windows RT operating system, supporting hardware, and those applications necessary to manage, support and configure the operating system. The TOE includes product variants of Windows 8 and Windows RT:

\r\n\r\n

All critical security updates published as of October 31, 2013 must be applied to the above products for the evaluated configuration.

\r\n

Physically, each TOE tablet, workstation, or server consists of an ARMv7 Thumb-2, x86, x64, architectures.  The TOE executes on processors from Intel (x86 and x64), AMD (x86 and x64), Qualcomm (ARM), or NVIDIA (ARM).  Evaluation testing took place on the following hardware platforms in the operational environment:

\r\n","security_evaluation_summary":"

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which Microsoft Windows 8 and Windows RT were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation was conducted in accordance with the requirements of the Common Criteria and Common Methodology for IT Security Evaluation (CEM), version 3.1 (as documented in Part 2 of the General-Purpose Operating System Protection Profile, version 3.9 (OSPP)) and assurance activities specified in the GPOSPP. The evaluation was consistent with National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) policies and practices as described on their web site (www.niap-ccevs.org). Leidos (formerly Science Applications International Corporation (SAIC)) determined that the TOE satisfies the requirements specified in the OSPP. The product, when delivered and configured as identified in the Microsoft Windows 8 Microsoft Windows RT Common Criteria Supplemental Admin Guidance, version 1.0, 11 December 2014, satisfies all of the security functional requirements stated in the Microsoft Windows 8 and Windows RT Security Target, version 1.0, 19 December 2014.

\r\n

A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by Leidos. The evaluation was completed in December 2014. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10620-2015), prepared by CCEVS.

","environmental_strengths":"

The evaluation of the Microsoft Windows 8 and Windows RT TOE provides assurance that the security functions implemented by the TOE satisfy the security functional requirements specified in Microsoft Windows 8 and Windows RT Security Target and that the guidance documentation describes how to use the TOE in a secure fashion. Assurance was achieved by the performance of the assurance activities specified in General Purpose Operating System Protection Profile.

\r\n

Microsoft Windows 8 and Microsoft Windows RT implement the following security functions:

\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n","features":[]}