Physicallyreadyboost
readyboost 时间:2021-05-19 阅读:()
NationalInformationAssurancePartnershipCommonCriteriaEvaluationandValidationSchemeValidationReportMicrosoftCorporation,CorporateHeadquarters,OneMicrosoftWay,Redmond,WA98052-6399MicrosoftWindowsVistaandWindowsServer2008ReportNumber:CCEVS-VR-VID10291-2009Dated:15August2009Version:1.
0NationalInstituteofStandardsandTechnologyNationalSecurityAgencyInformationTechnologyLaboratoryInformationAssuranceDirectorate100BureauDrive9800SavageRoadSTE6757Gaithersburg,MD20899FortGeorgeG.
Meade,MD20755-6757TMiiACKNOWLEDGEMENTSJamesDonndelingerValidationTeamAerospaceCorporationColumbia,MDShaunGilmoreNationalSecurityAgencyFt.
Meade,MDTonyAptedCommonCriteriaTestingLaboratoryTammyComptonTerrieDiazEvePierreQuangTrinhScienceApplicationsInternationalCorporationColumbia,MarylandiiiTableofContents1ExecutiveSummary.
12Identification.
23ArchitecturalInformation33.
1TOEOverview.
33.
2TOEPhysicalBoundaries.
43.
3TOELogicalBoundary.
53.
3.
1SecurityAudit.
53.
3.
2UserDataProtection.
53.
3.
3IdentificationandAuthentication53.
3.
4SecurityManagement63.
3.
5CryptographicProtection.
63.
3.
6ProtectionofTOESecurityFunctions.
63.
3.
7ResourceUtilization.
63.
3.
8SessionLocking.
74Assumptions.
75Documentation.
75.
1ConfigurationManagement85.
2DeliveryandOperation.
85.
3DesignDocumentation.
85.
4GuidanceDocumentation.
85.
5LifeCycle.
85.
6Testing.
85.
7VulnerabilityAssessment106ITProductTesting116.
1DeveloperTesting.
116.
2EvaluationTeamIndependentTesting116.
3VulnerabilityAnalysis117EvaluatedConfiguration.
118ResultsoftheEvaluation128.
1EvaluationoftheSecurityTarget(ASE)138.
2EvaluationoftheConfigurationManagementCapabilities(ACM)138.
3EvaluationoftheDeliveryandOperationDocuments(ADO)138.
4EvaluationoftheDevelopment(ADV)138.
5EvaluationoftheGuidanceDocuments(AGD)148.
6EvaluationoftheTestDocumentationandtheTestActivity(ATE)148.
7VulnerabilityAssessmentActivity(AVA)148.
8SummaryofEvaluationResults.
149ValidatorComments/Recommendations1410Annexes.
1511SecurityTarget.
1512Glossary1613Bibliography1614DesignDocumentationListing1711ExecutiveSummaryThisreportdocumentstheassessmentoftheNationalInformationAssurancePartnership(NIAP)validationteamoftheevaluationofMicrosoftWindowsVistaandWindowsServer2008.
Itpresentstheevaluationresults,theirjustifications,andtheconformanceresults.
ThisValidationReportisnotanendorsementoftheTargetofEvaluationbyanyagencyoftheU.
S.
government,andnowarrantyiseitherexpressedorimplied.
TheevaluationwasperformedbytheScienceApplicationsInternationalCorporation(SAIC)CommonCriteriaTestingLaboratory(CCTL)inColumbia,Maryland,UnitedStatesofAmerica,aswellasevaluatorsfromtheNationalSecurityAgency(NSA)andwascompletedinAugust2009.
TheinformationinthisreportislargelyderivedfromtheEvaluationTechnicalReport(ETR)andassociatedtestreports,writteninpartbySAICandinpartbyNSA.
TheevaluationdeterminedthattheproductisbothCommonCriteriaPart2ExtendedandPart3Conformant,andmeetstheassurancerequirementsofEAL4augmentedwithALC_FLR.
3,AVA_VLA.
3.
TheTargetofEvaluation(TOE)isWindowsVistaandWindowsServer2008providedbyMicrosoft,Corp.
WindowsVistaandWindowsServer2008arepreemptivemultitasking,multiprocessor,andmulti-useroperatingsystems.
Ingeneral,operatingsystemsprovideuserswithaconvenientinterfacetomanageunderlyinghardware.
Theycontroltheallocationandmanagecomputingresourcessuchasprocessors,memory,andInput/Output(I/O)devices.
WindowsVistaandWindowsServer2008expandthesebasicoperatingsystemcapabilitiestocontrollingtheallocationandmanaginghigherlevelITresourcesincludingsecurityprincipals(userandmachineaccounts),files,printingobjects,services,windowstation,desktops,cryptographickeys,networkports/traffics,directoryobjects,andwebcontent.
Multi-useroperatingsystemssuchasWindowsVistaandWindowsServer2008,keeptrackofwhichuserisusingwhichresource,grantresourcerequests,accountforresourceusage,andmediateconflictingrequestsfromdifferentprogramsandusers.
TheTargetofEvaluation(TOE)identifiedinthisValidationReporthasbeenevaluatedinpartataNIAPapprovedCommonCriteriaTestingLaboratoryusingtheCommonMethodologyforITSecurityEvaluation(Version2.
3)andinpartbyNSAforconformancetotheCommonCriteriaforITSecurityEvaluation(Version2.
3).
ThisValidationReportappliesonlytothespecificversionoftheTOEasevaluated.
TheevaluationhasbeenconductedinaccordancewiththeprovisionsoftheNIAPCommonCriteriaEvaluationandValidationSchemeandNSAandtheconclusionsofthetestinglaboratoryintheevaluationtechnicalreportareconsistentwiththeevidenceprovided.
Thevalidationteammonitoredtheactivitiesoftheevaluationteam,observedevaluationtestingactivities,providedguidanceontechnicalissuesandevaluationprocesses,andreviewedtheindividualworkunitsandsuccessiveversionsoftheETR.
ThevalidationteamfoundthattheevaluationshowedthattheproductsatisfiesallofthefunctionalrequirementsandassurancerequirementsstatedintheSecurityTarget(ST).
Thereforethevalidationteamconcludesthatthetestinglaboratory'sfindingsareaccurate,theconclusionsjustified,andtheconformanceresultsarecorrect.
Theconclusionsofthetestinglaboratoryintheevaluationtechnicalreportareconsistentwiththeevidenceproduced.
2BasedupontheworkoftheSAICevaluationteamandNSAevaluationteam,theCCEVSconcludedthattheCommonCriteriarequirementsforEvaluationAssuranceLevel(EAL4)augmentedwithALC_FLR.
3havebeenmet.
ThetechnicalinformationincludedinthisreportwasobtainedfromtheWindowsVistaandWindowsServer2008SecurityTargetandanalysisperformedbytheValidationTeam.
2IdentificationTheCCEVSisajointNationalSecurityAgency(NSA)andNationalInstituteofStandardsefforttoestablishcommercialfacilitiestoperformtrustedproductevaluations.
Underthisprogram,securityevaluationsareconductedbycommercialtestinglaboratoriescalledCommonCriteriaTestingLaboratories(CCTLs)usingtheCommonEvaluationMethodology(CEM)forEvaluationAssuranceLevel(EAL)1through4inaccordancewithNationalVoluntaryLaboratoryAssessmentProgram(NVLAP)accreditation.
TheNIAPValidationBodyassignsValidatorstomonitortheCCTLstoensurequalityandconsistencyacrossevaluations.
DevelopersofinformationtechnologyproductsdesiringasecurityevaluationcontractwithaCCTLandpayafeefortheirproduct'sevaluation.
Uponsuccessfulcompletionoftheevaluation,theproductisaddedtoNIAP'sValidatedProductsList.
Table1providesinformationneededtocompletelyidentifytheproduct,including:TheTargetofEvaluation(TOE):thefullyqualifiedidentifieroftheproductasevaluated.
TheSecurityTarget(ST),describingthesecurityfeatures,claims,andassurancesoftheproduct.
Theconformanceresultoftheevaluation.
TheProtectionProfiletowhichtheproductisconformant.
Theorganizationsandindividualsparticipatingintheevaluation.
Table1:EvaluationIdentifiersItemIdentifierEvaluationSchemeUnitedStatesNIAPCommonCriteriaEvaluationandValidationSchemeTOE:WindowsVistaandWindowsServer2008ProtectionProfileControlledAccessProtectionProfile,Version1.
d,NationalSecurityAgency,8October1999ST:WindowsVistaandWindowsServer2008SecurityTarget,Version1.
0,July24,2009EvaluationTechnicalReportEvaluationTechnicalReportForWindowsVistaandWindowsServer2008(Proprietary),Version2.
0,August3,2009CCVersionCommonCriteriaforInformationTechnologySecurityEvaluation,Version2.
3ConformanceResultCCPart2extended,CCPart3conformant3ItemIdentifierSponsorMicrosoftCorporationDeveloperMicrosoftCorporationCommonCriteriaTestingLab(CCTL)SAIC,Columbia,MDCCEVSValidatorsJamesDonndelinger,AerospaceCorporation,Columbia,MDShaunGilmore,NationalSecurityAgency,Ft.
Meade,MD3ArchitecturalInformationNote:ThefollowingarchitecturaldescriptionisbasedonthedescriptionpresentedintheSecurityTarget.
3.
1TOEOverviewWindowsVistaandWindowsServer2008areoperatingsystemsthatsupportsbothworkstationandserverinstallations.
TheTOEincludesfourproductvariantsofWindowsVistaandWindowsServer2008:WindowsVistaEnterprise,WindowsServer2008Standard,WindowsServer2008Enterprise,andWindowsServer2008Datacenter.
TheserverproductsadditionallyprovideDCfeaturesincludingtheActiveDirectoryandKerberosKeyDistributionCenter(KDC).
TheserverproductsintheTOEalsoprovideInternetInformationServices(IIS),CertificateServices,RPCoverHTTPProxy,FileReplication,DirectoryReplication,DomainNameSystem(DNS),DynamicHostConfigurationProtocol(DHCP),DistributedFileSystem(DFS)service,andRemovableStorageManager.
Allvariantsincludethesamesecurityfeatures.
Theprimarydifferencebetweenthevariantsisthenumberofusersandtypesofservicestheyareintendedtosupport.
WindowsVistaissuitedforbusinessdesktopsandnotebookcomputers(notethatonlydesktopsareincludedintheevaluatedconfiguration);itistheworkstationproduct.
Designedfordepartmentalandstandardworkloads,WindowsServer2008Standarddeliversintelligentfileandprintersharing;secureconnectivitybasedonInternettechnologies,andcentralizeddesktoppolicymanagement.
WindowsServer2008EnterprisediffersfromWindowsServer2008Standardprimarilyinitssupportforhigh-performanceserversforgreaterloadhandling.
Thesecapabilitiesprovidereliabilitythathelpsensuresystemsremainavailable.
WindowsServer2008Datacenterprovidesthenecessaryscalableandreliablefoundationtosupportmission-criticalsolutionsfordatabases,enterpriseresourceplanningsoftware,high-volume,real-timetransactionprocessing,andserverconsolidation.
ThesecurityfeaturesaddressedbythissecuritytargetarethoseprovidedbyWindowsVistaandWindowsServer2008asoperatingsystems.
MicrosoftprovidesseveralWindowVistaandWindowsServer2008softwareapplicationsthatareconsideredoutsidethescopeofthedefinedTOEandthusnotpartoftheevaluatedconfiguration.
Servicesoutsidethisevaluationinclude:e-mailservice,TerminalService,MicrosoftMessageQueuing,RightManagementService,ReadyBoost,andsupportforMultipleConcurrentUsers(e.
g.
,quick4userswitching).
ThefeaturesidentifiedanddescribedinthissectionareincludedintheTOEandassucharewithinthescopeoftheevaluation.
ThefollowingtablesummarizestheTOEconfigurationsincludedintheevaluation.
WindowsVistaEnterprise(32bitand64bit)WindowsServer2008Standard(64bit)WindowsServer2008Enterprise(64bit)WindowsServer2008DatacenterSingleProcessorXXXN/AMultipleProcessorXXXXStand-aloneXXXXDomainMemberXXXXDomainControllerN/AN/AXXVariationsasaDomainElement2242TotalVariations44633.
2TOEPhysicalBoundariesPhysically,eachTOEworkstationorserverconsistsofanx86orx64machineorequivalentprocessor(fromtheIntelCeleron,IntelPentium,IntelCore2,AMDSempron,AMDAthlon,orAMDPhenomprocessorfamilies)withuptofour(4)CPUsforastandardServerproduct,uptoeight(8)CPUsfortheEnterpriseServerproduct,andupto32CPUsfortheDatacenterproduct.
Asetofdevicesmaybeattachedandtheyarelistedasfollows:DisplayMonitor,Keyboard,Mouse,CD-ROMDriveFixedDiskDrives,Printer,AudioAdaptor,NetworkAdaptor,andSmartCardReader.
5TheTOEdoesnotincludeanyphysicalnetworkcomponentsbetweennetworkadaptorsofaconnection.
TheSTassumesthatanynetworkconnections,equipment,andcablesareappropriatelyprotectedintheTOEsecurityenvironment.
3.
3TOELogicalBoundaryThissectionidentifiesthesecurityfunctionsthattheTSFprovides.
SecurityAuditUserdataprotectionIdentificationandauthenticationSecuritymanagementCryptographicprotectionProtectionoftheTOESecurityFunctionsResourceUtilizationSessionLocking3.
3.
1SecurityAuditWindowsVistaandWindowsServer2008havetheabilitytocollectauditdata,reviewauditlogs,protectauditlogsfromoverflow,andrestrictaccesstoauditlogs.
Auditinformationgeneratedbythesystemincludesdateandtimeoftheevent,userwhocausedtheeventtobegenerated,computerwheretheeventoccurred,andothereventspecificdata.
Authorizedadministratorscanreviewauditlogs.
3.
3.
2UserDataProtectionWindowsVistaandWindowsServer2008protectuserdatabyenforcingseveralaccesscontrolpolicies(DiscretionaryAccessControl,MandatoryIntegrityControl,EncryptingFileSystem,WEBUSERandwebcontentprovideraccesscontrol)andseveralinformationflowpolicies(IPSecfilterinformationflowcontrol,WindowsFirewall);and,objectandsubjectresidualinformationprotection.
WindowsVistaandWindowsServer2008useaccesscontrolmethodstoallowordenyaccesstoobjects,suchasfiles,directoryentries,printers,andwebcontent.
WindowsVistaandWindowsServer2008usesinformationflowcontrolmethodstocontroltheflowofIPtrafficandpackets.
Itauthorizesaccesstotheseresourceobjectsthroughtheuseofsecuritydescriptors(SDs,whicharesetsofinformationidentifyingusersandtheirspecificaccesstoresourceobjects),webpermissions,IPfilters,andportmappingrules.
WindowsVistaandWindowsServer2008alsoprotectsuserdatabyensuringthatresourcesexportedtouser-modeprocessesdonothaveanyresidualinformation.
3.
3.
3IdentificationandAuthenticationWindowsVistaandWindowsServer2008requireeachusertobeidentifiedandauthenticated(usingpasswordorsmartcard)priortoperforminganyfunctions.
An6interactiveuserinvokesatrustedpathinordertoprotecthisI&Ainformation.
WindowsVistaandWindowsServer2008maintaindatabasesofaccountsincludingtheiridentities,authenticationinformation,groupassociations,andprivilegeandlogonrightsassociations.
WindowsVistaandWindowsServer2008includeasetofaccountpolicyfunctionsthatincludetheabilitytodefineminimumpasswordlength,numberoffailedlogonattempts,durationoflockout,andpasswordage.
3.
3.
4SecurityManagementWindowsVistaandWindowsServer2008includeanumberoffunctionstomanagepolicyimplementation.
Policymanagementiscontrolledthroughacombinationofaccesscontrol,membershipinadministratorgroups,andprivileges.
3.
3.
5CryptographicProtectionWindowsVistaandWindowsServer2008provideFIPS-140-2validatedcryptographicfunctionsthatsupportencryption/decryption,cryptographicsignatures,cryptographichashing,cryptographickeyagreement,andrandomnumbergeneration.
TheTOEadditionallyprovidessupportforpublickeys,credentialmanagementandcertificatevalidationfunctionsandprovidessupportfortheNationalSecurityAgency'sSuite,Bcryptoalgorithms.
TheTOEalsoprovidesextensiveauditingsupportinsupportofcryptorequirements,supportforreplaceablerandomnumbergenerators,andakeyisolationservicedesignedtolimitthepotentialexposureofsecretandprivatekeys.
3.
3.
6ProtectionofTOESecurityFunctionsWindowsVistaandWindowsServer2008provideanumberoffeaturestoensuretheprotectionofTOEsecurityfunctions.
WindowsVistaandWindowsServer2008protectsagainstunauthorizeddatadisclosureandmodificationbyusingasuiteofInternetstandardprotocolsincludingIPSecandISAKMP.
WindowsVistaandWindowsServer2008ensureprocessisolationsecurityforallprocessesthroughprivatevirtualaddressspaces,executioncontextandsecuritycontext.
TheWindowsVistaandWindowsServer2008datastructuresdefiningprocessaddressspace,executioncontext,memoryprotection,andsecuritycontextarestoredinprotectedkernel-modememory.
BitLockerprotectsharddrivedatabyprovidingSecureStartup(integritycheckingofearlybootcomponents)andFullVolumeEncryption(FVE).
FVEprotectsdatabyencryptingentirediskvolumes;inthecaseoftheWindowsoperatingsystemvolume,thisincludestheswapandhibernationfiles.
SecureStartupprovidesintegritycheckingoftheearlybootcomponents,ensuringthatFVEdecryptionisperformedonlyifthosecomponentsarefoundtobeunchangedandtheencrypteddriveislocatedintheoriginalcomputer.
3.
3.
7ResourceUtilizationWindowsVistaandWindowsServer2008canlimittheamountofdiskspacethatcanbeusedbyanidentifieduserorgrouponaspecificdiskvolume.
Eachvolumehasasetofpropertiesthatcanbechangedonlybyamemberoftheadministratorgroup.
These7propertiesallowanauthorizedadministratortoenablequotamanagement,specifyquotathresholds,andselectactionswhenquotasareexceeded.
3.
3.
8SessionLockingWindowsVistaandWindowsServer2008providetheabilityforausertolocktheirsessionimmediatelyorafteradefinedinterval.
Itconstantlymonitorsthemouseandkeyboardforactivityandlockstheworkstationafterasetperiodofinactivity.
WindowsVistaandWindowsServer2008allowanauthorizedadministratortoconfigurethesystemtodisplayalogonbannerthatdescribesusagepoliciesbeforethelogondialog.
4AssumptionsThefollowingassumptionsweremadeduringtheevaluationofWindowsVistaandWindowsServer2008:Allconnectionstoperipheraldevicesresidewithinthecontrolledaccessfacilities.
TheTOEonlyaddressessecurityconcernsrelatedtothemanipulationoftheTOEthroughitsauthorizedaccesspoints.
Internalcommunicationpathstoaccesspointssuchasterminalsareassumedtobeadequatelyprotected.
AnyothersystemswithwhichtheTOEcommunicatesareassumedtobeunderthesamemanagementcontrolandoperateunderthesamesecuritypolicyconstraints.
TheTOEisapplicabletonetworkedordistributedenvironmentsonlyiftheentirenetworkoperatesunderthesameconstraintsandresideswithinasinglemanagementdomain.
Therearenosecurityrequirementsthataddresstheneedtotrustexternalsystemsorthecommunicationslinkstosuchsystems.
AuthorizeduserspossessthenecessaryauthorizationtoaccessatleastsomeoftheinformationmanagedbytheTOEandareexpectedtoactinacooperatingmannerinabenignenvironment.
TherewillbeoneormorecompetentindividualsassignedtomanagetheTOEandthesecurityoftheinformationitcontains.
Thesystemadministrativepersonnelarenotcareless,willfullynegligent,orhostile,andwillfollowandabidebytheinstructionsprovidedbytheadministratordocumentation.
TheprocessingresourcesoftheTOEwillbelocatedwithincontrolledaccessfacilitiesthatwillpreventunauthorizedphysicalaccess.
TheTOEhardwareandsoftwarecriticaltosecuritypolicyenforcementwillbeprotectedfromunauthorizedphysicalmodification.
5DocumentationThefollowingdocumentationwasusedasevidencefortheevaluationoftheWindowsVistaandWindowsServer2008:85.
1ConfigurationManagement1.
ValidatedthroughanNSAapprovedevaluationprocess5.
2DeliveryandOperation1.
MicrosoftWindowsCommonCriteriaEvaluationDocument,version6,July29,20095.
3DesignDocumentation1.
SeetheDesignDocumentationListattheendofthedocument.
5.
4GuidanceDocumentation1.
MicrosoftWindowsCommonCriteriaEvaluationDocument,version6,Tuesday,July29,20092.
WindowsVistaSecurityGuide-http://technet.
microsoft.
com/en-us/library/cc507874.
aspx3.
WindowsServer2008SecurityGuide-http://technet.
microsoft.
com/en-us/library/cc264463.
aspx5.
5LifeCycle1.
ValidatedthroughanNSAapprovedevaluationprocess.
5.
6Testing1.
MicrosoftWindowsCommonCriteriaEvaluationTestPlan,Rev:14,7/29/20092.
64BitKernelDebugSupportTestSuite,Rev:1,11/30/20073.
AccessControl(ACL)TestSuite,Rev:5,07/19/20094.
ACPIDriverTestSuite,,Rev:3,02/09/20095.
AdministratorAccessTestSuite,Rev:22,07/19/20096.
AdvancedLocalProcessCommunicationTestSuite,Rev:4,06/25/20097.
ApplicationCompatibilitySupportTestSuite,Rev:5,06/13/20098.
ApplicationExperienceLookupServiceTestSuite,Rev:2,05/12/20089.
ApplicationInformationServiceTestSuite,Rev:3,04/23/200910.
AuthenticationProviderTestSuite,Rev:1.
3,05/27/200911.
BackgroundIntelligentTransferServiceTestSuite,Rev:11,07/04/200912.
BaseFilteringEngineServiceTestSuite,Rev:2,04/09/200913.
BitsServerISAPIExtensionsTestSuite,Rev:2,04/29/200914.
BowserDriverTestSuite,Rev:1,06/23/200915.
(OS)CertificateServerTestSuite,Rev2.
0,06/04/200916.
ClientSideCachingDriverTestSuite,Rev:4,06/30/200917.
COM+TestSuite,Rev:4,07/06/200918.
COM+EventSystemServiceTestSuite,Rev:2.
1,07/03/2009919.
ComputerBrowserServiceTestSuite,Rev:4,06/04/200920.
ConfigurationManagerTestSuite,Rev:4,07/05/200921.
CredentialManagerTestSuite,Rev:6,06/13/200922.
DataExecutionPreventionTestSuite,Rev:99,04/24/200923.
DesktopWindowManagerTestSuite,Rev:1.
0,07/04/200924.
DevicesTestSuite,Rev:99,04/24/200925.
DirectoryServicesReplicationTestSuite,Rev:2.
1,06/05/200926.
DistributedCOMServicesTestSuite,Rev:2.
1,02/06/200927.
DistributedFileSystemFilterDriverTestSuite,Rev:1,11/22/2006)28.
DistributedFileSystemReplicationServiceTestSuite,Rev:6,02/04/200929.
DistributedTransactionCoordinatorTestSuite,Rev:2,06/19/200930.
EventTracingForWindowsTestSuite,Rev:1,07/05/200931.
ExecutiveObjectServicesTestSuite,Rev:6,07/06/200932.
FileinfoFsMinifilterDriverTestSuite,Rev:2,06/23/200833.
GDITestSuite,Rev2.
1,07/19/200934.
GobyCryptographicTestSuite,Rev:1.
0,06/05/200735.
HandleEnforcementTestSuite,Rev:5,7/19/200936.
HardwareTestSuite,Rev:1,06/12/2009,X64Rev:99,04/24/2009,IA32Rev:99,04/24/2009,IA64Rev:2,05/01/2006)37.
HIDClassLibraryTestSuite,Rev:99,02/17/200638.
HTTPClientTestSuite,Rev:3.
1,06/30/200939.
IISCoadminDLLTestSuite,Rev:1,06/30/200940.
ImpersonationTestSuite,Rev:2.
2,07/24/200941.
InternetKeyExchangeTestSuite,Rev2,06/13/200942.
IPHelperServiceTestSuite,Rev:99,06/12/200943.
IPSECTestSuite,Rev2.
3,08/12/200544.
ISAPIDLLForWebPrintingTestSuite,Rev:1,04/27/200945.
KDCTestSuite,Rev:1.
8,06/02/200946.
KernelDebugManagerTestSuite,Rev:5,06/04/200947.
KernelModeDriverFrameworkTestSuite,Rev:1,05/13/200948.
KernelModeWMITestSuite,Rev:99,06/11/200949.
KernelTransactionManagerTestSuite,Rev:99,04/07/200950.
LDAPTestSuite,Rev:2.
0,06/05/200951.
LocalSessionManagerTestSuite,Rev:1.
0,06/30/200952.
MAPITestSuite,Rev:1.
4,06/30/200953.
MemoryManagerTestSuite,Rev:2,07/05/200954.
MiscellaneousTestSuite,Rev:3.
5,07/05/200955.
MultipleUNCProviderAndDFSClientTestSuite,Rev:2,12/18/200756.
NDIS5.
1WrapperDriverTestSuite,Rev:2,12/18/200757.
NetworkStoreInterfaceProxyTestSuite,Rev:6,04/21/200958.
NetworkSupportTestSuite,Rev:4,07/24/200959.
ObjectManagerTestSuite,Rev:2,03/19/200960.
ObjectReuseTestSuite,Rev2.
1,06/30/200961.
PlugAndPlayManagerTestSuite,Rev:4,01/29/200962.
PowerManagerTestSuite,Rev:5,01/29/200963.
PrivilegeTestSuite,Rev:17,07/19/20091064.
RPCProxyTestSuite,Rev:2,05/30/200665.
RSOPServiceApplicationTestSuite,Rev:9,06/04/200966.
ServerNetworkDriverTestSuite,Rev0.
8,06/12/200967.
SMB2.
0ServerDriverTestSuite,Rev:1,06/03/200968.
SMBMini-RedirectorTestSuite,Rev:5,06/12/200969.
SMBTransportDriverTestSUITE,Rev:2,06/03/200970.
SpecialAccessTestSuite,Rev:34,07/24/200971.
SuperfetchServiceHostRev:2,05/15/200872.
TaskSchedulerEngineTestSuite,Rev:9,05/18/200673.
TcpipDriverTestSuite,06/10/200974.
TDItranslationdriver(TDX)testSuite,Rev:1,04/02/200975.
TDIWrapperTestSuite,Rev:2,04/15/200876.
TokenTestSuite,Rev:1.
8,06/06/200977.
TPMBaseServicesTestSuite,Rev:99,01/23/200978.
TrustedInstallerTestSuite,Rev:4,02/16/2000979.
USB1.
1&2.
0PortDriverTestSuite,Rev:1,06/11/200980.
USBMassStorageTestSuite,Rev:4,06/12/200981.
UserTestSuite,Rev1.
4,07/05/200982.
UserModeDriverFrameworkReflectorTestSuite,Rev:1,06/26/200983.
UserProfileServiceTestSuite,Rev:4,07/04/200984.
VDMParallelDriverTestSuite,Rev:99,06/23/200985.
VirtualDiskServiceTestSuite,Rev:1,06/03/200986.
VirtualDosMachineTestSuite,Rev:2,02/06/200887.
VolumeManagerDriverTestSuite,Rev:99,04/02/200988.
VolumeShadowCopyDriverTestSuite,Rev:1.
6/11/200989.
WindowsCryptographicPrimitivesLibraryTestSuite,Rev:1,06/10/200990.
WindowsEventLogServiceTestSuite,Rev:1,06/10/200991.
WindowsFirewallTestSuite,Rev1,06/30/200992.
WindowsOSStartupTestSuite,Rev:2,02/24/200993.
WindowsTimeServiceTestSuite,Rev:1,05/25/200994.
WindowsUpdateAutoupdateEngineTestSuite,Rev:1.
1,06/10/200995.
WindowsUpdateAutoupdateServiceTestSuite,Rev:1,11/08/2006)96.
WMIProviderHostTestSuite,Rev:1,07/01/200997.
TestCode98.
ActualTestResults5.
7VulnerabilityAssessment1.
WindowsVistaandWindowsServer2008MisuseAnalysisVersion0.
2,July6,20092.
MicrosoftWindows2008/VistaStrengthofFunctionAnalysis(AVA_SOF),Version0.
1,31January2009116ITProductTestingThissectiondescribesthetestingeffortsofthedeveloperandtheEvaluationTeam.
ItisderivedfrominformationcontainedintheEvaluationTeamTestReportfortheWindowsVistaandWindowsServer2008,Version1.
0,July31,2009.
6.
1DeveloperTestingThedevelopertestedtheinterfacesidentifiedinthefunctionalspecificationandmappedeachtesttothesecurityfunctiontested.
ThescopeofthedevelopertestsincludedallTOESecurityFunctionsandtheentireTSFInterface(TSFI).
Wheretestingwasnotpossible,codeanalysiswasusedtoverifytheTSFIbehavior.
Theevaluationteamdeterminedthatthedeveloper'sactualtestresultsmatchedthevendor'sexpectedresults6.
2EvaluationTeamIndependentTestingTheevaluationteamensuredthattheTOEperformedasdescribedinthedesigndocumentationanddemonstratedthattheTOEenforcestheTOEsecurityfunctionalrequirements.
Specifically,theevaluationteamensuredthatthedevelopertestdocumentationsufficientlyaddressesthesecurityfunctionsasdescribedinthesecuritytargetandtheTSFIasdescribedintheFunctionalSpecification.
ItshouldbenotedthattheTSFItestingwaslimitedtotestingsecuritychecksfortheinterface.
TheTSFIinputparameterswerenotexercisedforerroneousandanomalousinputs.
Theevaluationteamperformedasampleofthedeveloper'stestSuite,anddevisedanindependentsetofteamtests.
Theevaluationteamdeterminedthatthevendor'stestSuite,wascomprehensive.
ThustheindependentsetofCCTLdevelopedteamtestswaslimited.
Atotaloftwentyfour(24)teamtestsweredevisedandcoveredthefollowingareas:ResidualInformationProtection,TSFSecurityFunctionsManagement,TOESecurityBanners,SessionLocking,Identification&Authentication,TOEAccessRestriction,andAccessControlonEncryptedFiles.
6.
3VulnerabilityAnalysisAdditionaltestingtoaddresstheAVA_VLA.
3requirementswasperformedbytheNationalSecurityAgency(NSA)andcompletedinAugust2009.
UsingtheresultsoftheevaluationbytheCCTLevaluationteam,theNSAevaluationteaminstalledtheTOEevaluatedconfigurationandconductedAVA_VLA.
3vulnerabilitytesting.
TheNSAteamutilizedthesamecategoryoftoolsusedbytheCCTLforpenetrationtesting,aswellasin-housedevelopedtools,whichenabledtheteamtodeterminethattheTOEwasresistanttopenetrationattacksperformedbyattackerswithhighattackpotential.
7EvaluatedConfigurationTheevaluatedconfigurationwastestedintheconfigurationidentifiedinthissection.
Theevaluationresultsarevalidforthevariousrealizablecombinationsofconfigurationsofhardwareandsoftwarelistedinthissection.
AhomogeneousWindowssystemconsistingofvariousServers,DomainControllers,andWorkstationsusingthevarioushardwareand12softwarelistedinthissectionmaintainsitssecurityratingwhenoperatedusingthesecureusageassumptionslistedinSection4ofthisvalidationreport.
TOESoftwareIdentification–ThefollowingWindowsOperatingSystems(OS'):MicrosoftWindowsVistaEnterpriseEdition(32-bitand64-bitversions)MicrosoftWindowsServer2008StandardEdition(64-bitversion)MicrosoftWindowsServer2008EnterpriseEdition(64-bitversion)MicrosoftWindowsServer2008DatacenterEditionThefollowingsecurityupdatesandpatchesmustbeappliedtotheaboveVistaproducts:Allsecurityupdatesasof9June2009,excludingtheServicePack2update.
ThefollowingsecurityupdatesmustbeappliedtotheaboveWindowsServer2008products:Allsecurityupdatesasof9June2009,excludingtheServicePack2update.
TOEHardwareIdentification–Thefollowinghardwareplatformsareincludedintheevaluatedconfiguration:DellOptiplex755,3.
0GHzIntelCore2DuoE8400,64-bitDellPowerEdgeSC1420,3.
6GHzIntelXeonProcessor(1CPU),32-bitDellPowerEdge1800,3.
2GHzIntelXeonProcessor(1CPU),32-bitDellPowerEdge2970,1.
7GHzquadcoreAMDOpteron2344Processor(2CPUs),64-bitHPProliantDL385G5,2.
1GHzquadcoreAMDOpteron2352Processor(2CPUs),64-bitHPProliantDL385,2.
6GHzAMDOpteron252Processor(2CPUs),64-bitUnisysES7000Model7600R,2.
6GHzIntelXeon(6-core)(8CPUs),64-bitGemPlusGemPCTwinUSBsmartcardsTousetheproductintheevaluatedconfiguration,theproductmustbeconfiguredasspecifiedintheMicrosoftWindowsCommonCriteriaEvaluationDocument,version6,July29,2009.
8ResultsoftheEvaluationTheresultsoftheassurancerequirementsaregenerallydescribedinthissectionandarepresentedindetailintheproprietaryETR.
ThereaderofthisdocumentcanassumethatallEAL4augmentedwithALC_FLR.
3andAVA_VLA.
3workunitsreceivedapassingverdict.
Averdictforanassurancecomponentisdeterminedbytheresultingverdictsassignedtothecorrespondingevaluatoractionelements.
TheevaluationwasconductedbaseduponCCversion2.
3andCEMversion2.
3[5],[6].
TheevaluationdeterminedtheWindows13VistaandWindowsServer2008TOEtobePart2extended,andtomeetthePart3EvaluationAssuranceLevel(EAL4)augmentedwithALC_FLR.
3requirements.
Thefollowingevaluationresultsareextractedfromthenon-proprietaryEvaluationTechnicalReportprovidedbytheCCTLaswellasinputfromtheNSAevaluators,andareaugmentedwiththevalidator'sobservationsthereof.
8.
1EvaluationoftheSecurityTarget(ASE)TheevaluationteamappliedeachASECEMworkunit.
TheSTevaluationensuredtheSTcontainsadescriptionoftheenvironmentintermsofpoliciesandassumptions,astatementofsecurityrequirementsclaimedtobemetbytheWindowsVistaandWindowsServer2008productsthatareconsistentwiththeCommonCriteria,andproductsecurityfunctiondescriptionsthatsupporttherequirements.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
2EvaluationoftheConfigurationManagementCapabilities(ACM)Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified8.
3EvaluationoftheDeliveryandOperationDocuments(ADO)TheSAICevaluationteamfollowedtheConfigurationGuidetotesttheinstallationprocedurestoensuretheproceduresresultintheevaluatedconfiguration.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
4EvaluationoftheDevelopment(ADV)TheSAICevaluationteamappliedeachEAL4ADVCEMworkunitforthefunctionalspecificationandsecuritypolicymodelportionsofthedesignevaluation.
TheevaluationteamalsoensuredthatthecorrespondenceanalysisbetweenthefunctionalspecificationandtheSTwasaccurate.
Lastly,theSAICevaluationteamsampledthesourcecodetoensurethatthefunctionalspecificationwascorrectlyrepresentedbasedupontheimplementation.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
148.
5EvaluationoftheGuidanceDocuments(AGD)TheevaluationteamappliedeachEAL4AGDCEMworkunit.
TheevaluationteamensuredtheadequacyoftheuserguidanceindescribinghowtousetheoperationalTOE.
Additionally,theevaluationteamensuredtheadequacyoftheadministratorguidanceindescribinghowtosecurelyadministertheTOE.
Bothoftheseguideswereassessedduringthedesignandtestingphasesoftheevaluationtoensuretheywerecomplete.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
6EvaluationoftheTestDocumentationandtheTestActivity(ATE)TheevaluationteamappliedthecoverageandindependenttestingCEMworkunits.
Specifically,theevaluationteamensuredthatthevendortestdocumentationsufficientlyaddressesthesecurityfunctionsasdescribedinthefunctionalspecification.
Theevaluationteamre-rantheentirevendortestsuite,,anddevisedanindependentsetofteamtests.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
7VulnerabilityAssessmentActivity(AVA)TheSAICevaluationteamappliedtheAVA_MSU.
2andAVA_SOF.
1workunits.
TheevaluationteamensuredthattheTOEdocumentationdoesnoteasilymisleadanadministratorandthatthepasswordmechanismmeetsallstatedclaimsintheST.
ThevalidatorreviewedtheworkoftheevaluationteamandNSApenetrationtestingteam(AVA_VLA.
3),andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
8SummaryofEvaluationResultsThevalidationteam'sassessmentoftheevidenceprovidedbytheevaluationteamisthatitdemonstratesthattheevaluationteamfollowedtheproceduresdefinedintheCEM,andcorrectlyverifiedthattheproductmeetstheclaimsintheST.
9ValidatorComments/RecommendationsTheEvaluationTeamiscommendedfortheirtestingactivitiesofsuchacomplexsystem,andtheireffortstovalidatetheevaluatedconfigurationduringteamtesting.
Thevalidatorsofthisevaluationwanttomakeitcleartothosedeployingtheseproductsintheirsystemsthattheanalysisandtestingforthisevaluationwaspredicatedonthenotionofahomogeneousnetwork.
Thismeanstheanalysisandsecurityfunctionaltestingdidnot15addressthepossibilityofanuntrusteduserfrominjectingarawframeonthenetwork,sinceusersofthewindowsmachinesareprohibitedfromdoingthis.
.
10AnnexesNotapplicable.
11SecurityTargetTheSecurityTargetisidentifiedasMicrosoftWindowsVistaandWindowsServer2008SecurityTarget,Version1.
0,July24,2009.
1612GlossaryThefollowingdefinitionsareusedthroughoutthisdocument:CommonCriteriaTestingLaboratory(CCTL).
AnITsecurityevaluationfacilityaccreditedbytheNationalVoluntaryLaboratoryAccreditationProgram(NVLAP)andapprovedbytheCCEVSValidationBodytoconductCommonCriteria-basedevaluations.
Conformance.
Theabilitytodemonstrateinanunambiguouswaythatagivenimplementationiscorrectwithrespecttotheformalmodel.
Evaluation.
TheassessmentofanITproductagainsttheCommonCriteriausingtheCommonCriteriaEvaluationMethodologytodeterminewhetherornottheclaimsmadearejustified;ortheassessmentofaprotectionprofileagainsttheCommonCriteriausingtheCommonEvaluationMethodologytodetermineiftheProfileiscomplete,consistent,technicallysoundandhencesuitableforuseasastatementofrequirementsforoneormoreTOEsthatmaybeevaluated.
EvaluationEvidence.
Anytangibleresource(information)requiredfromthesponsorordeveloperbytheevaluatortoperformoneormoreevaluationactivities.
Feature.
Partofaproductthatiseitherincludedwiththeproductorcanbeorderedseparately.
TargetofEvaluation(TOE).
AgroupofITproductsconfiguredasanITsystem,oranITproduct,andassociateddocumentationthatisthesubjectofasecurityevaluationundertheCC.
Validation.
TheprocesscarriedoutbytheCCEVSValidationBodyleadingtotheissueofaCommonCriteriacertificate.
ValidationBody.
Agovernmentalorganizationresponsibleforcarryingoutvalidationandforoverseeingtheday-to-dayoperationoftheNIAPCommonCriteriaEvaluationandValidationScheme.
13BibliographyTheValidationTeamusedthefollowingdocumentstoproducethisValidationReport:[1]CommonCriteriaProjectSponsoringOrganisations.
CommonCriteriaforInformationTechnologySecurityEvaluation:Part1:IntroductionandGeneralModel,Version2.
3,August2005.
[2]CommonCriteriaProjectSponsoringOrganisations.
CommonCriteriaforInformationTechnologySecurityEvaluation:Part2:SecurityFunctionalRequirements,Version2.
3,August2005.
[3]CommonCriteriaProjectSponsoringOrganisations.
CommonCriteriaforInformationTechnologySecurityEvaluation:Part3:SecurityAssuranceRequirements,Version2.
3,August2005.
17[4]CommonCriteriaProjectSponsoringOrganisations.
CommonEvaluationMethodologyforInformationTechnologySecurity,Version2.
3,August2005.
[5]CommonCriteriaProjectSponsoringOrganisations.
CommonEvaluationMethodologyforInformationTechnologySecurity–Part2:EvaluationMethodology,Version2.
3,August1999.
[6]CommonCriteria,EvaluationandValidationSchemeforInformationTechnologySecurity,GuidancetoValidatorsofITSecurityEvaluations,SchemePublication#3,Version1.
0,January2002.
[7]ScienceApplicationsInternationalCorporation.
EvaluationTechnicalReportfortheWindowsVistaandWindowsServer2008Part2(Proprietary),Version2.
0,July31,2009.
[8]ScienceApplicationsInternationalCorporation.
EvaluationTeamTestReportforWindowsVistaandWindowsServer2008Part2Supplement(SAICandMicrosoftProprietary),Version1.
0,July31,2009.
Note:ThisdocumentwasusedonlytodevelopsummaryinformationregardingthetestingperformedbytheCCTL.
[10]WindowsVistaandWindowsServer2008SecurityTarget,Version1.
0,July24,2009.
14DesignDocumentationListingGeneralProductDocumentationVersionDateSecurityPolicyModel.
doc122/12/2009FunctionalSpecificationCompletenessRationale.
doc25/28/2009CertificateServerComponent(OS)CertificateServiceDefaultExitModule.
doc27/22/2009(OS)CertificateServiceDefaultPolicyModule.
doc27/22/2009(OS)CertificateService.
doc47/22/2009CryptographicSupportFVECrashDumpDriver0.
037/22/2009FVEDriver0.
067/28/2009TPMBasedServices0.
077/28/2009TPMDriver0.
037/28/2009ExecutiveComponent64bitKernelDebugSupport.
doc97/22/2009ApplicationCompatibilitySupport.
doc127/22/2009CacheManager.
doc67/22/2009ConfigurationManager.
doc37/22/2009EventTracingforWindows.
xlsm0.
087/22/2009ExecutiveObjectServices.
doc37/22/2009GraphicsDeviceInterface.
xlsm0.
077/28/2009HardwareAbstractionLayer.
doc67/23/200918KernelDebugManager.
doc27/22/2009KernelModeWindowsManagementInstrumentation.
doc137/22/2009KernelRuntime.
doc157/22/2009KernelRuntimeNewChecksandEffects.
xlsm0.
037/10/2009KernelTranasctionManager.
xlsm0.
097/22/2009LocalProcessCommunication.
doc97/22/2009MemoryManager.
doc87/22/2009MemoryManager.
xlsm0.
047/20/2009Microkernel.
doc157/22/2009MicrokernelNewChecksandEffects.
xlsm0.
027/22/2009ObjectManager.
doc37/22/2009PlugandPlayManager.
doc77/22/2009PlugandPlayManagerNewChecksandEffects.
xlsm0.
077/22/2009PowerManager.
doc127/22/2009ProcessManager.
doc27/22/2009ProcessManagerNewChecksandEffects.
xlsm0.
087/22/2009SecurityReferenceMonitor.
doc167/22/2009VirtualDOSMachine.
doc27/22/2009WindowManager(User).
xlsm0.
087/22/2009HardwareComponentAMDHardware.
doc135/31/2009IntelHardware.
doc125/31/2009InternetInformationServicesComponentBITSServerExtensionsISAPI.
doc67/23/2009IISCoAdminDLL.
doc47/23/2009IISISAPIHandler.
doc27/23/2009IISMetadataDLL.
doc37/23/2009InternetInformationServicesResetControl.
doc27/23/2009IISRPCProxy.
doc57/23/2009IISWebAdminService.
doc67/23/2009IISWebAdminService.
xlsm0.
047/23/2009IISWebServerCore.
doc67/23/2009IISWorkerProcess.
doc27/23/2009InternetInformationServices.
doc27/23/2009ISAPIDLLforWebPrinting.
doc47/23/2009MetadataandAdminService.
doc27/23/2009WAMRegistrationDLL.
doc37/23/2009WinHTTPWebProxyAutoDiscoveryService.
doc27/23/2009I/OCoreComponentFileSystemRecognizer.
doc36/2/2009IOManager.
doc37/23/2009IOManager.
xlsm0.
067/23/2009KernelModeDriverFramework.
xlsm0.
067/23/2009KernelSecurityDeviceDriver.
doc37/23/200919MountManager.
doc37/23/2009UserModeDriverFrameworkReflector.
xlsm0.
077/23/2009I/ODevicesComponentACPIDriver.
doc77/23/2009AdvancedHostControllerInterfaceDriver.
xlsmdoc0.
57/23/2009ALIIDEMiniportDriver0.
37/23/2009AMDIDEMiniportDriver0.
37/23/2009AMDK8ProcessorDriver.
xlsm0.
27/23/2009ATAportDriverExtension.
xlsm0.
67/23/2009ATIATI2MTADMiniportDriver.
doc77/23/2009AudioPortClassDriver.
doc37/23/2009BeepDriver.
doc47/23/2009BroadcomBCM5708CNetXtremeGigabitNICMiniportDriver.
doc37/23/2009CompositeBatteryDriver.
xlsm0.
47/23/2009FileSystemFilterManager.
doc57/23/2009HardwareErrorDeviceDriver.
xlsm0.
37/23/2009HIDClassLibrary.
doc57/23/2009HIDKeyboardFilterDriver.
doc47/23/2009HIDMouseFilterDriver.
doc47/23/2009HIDParsingLibrary.
doc47/23/2009HPProliantSmartArray.
doc47/23/2009i8042PortDriver.
doc37/23/2009IDEATAPIPortDriver.
doc27/23/2009IntelPro1000e1e6032eNICMiniportDriver.
doc77/23/2009IntelPro1000e1g6032eNICMiniportDriver.
doc37/23/2009IntelligentIOMiniportDriver.
doc37/23/2009IntelligentIOUtilityFilterDriver.
doc37/23/2009IntelligentPlatformManagementInterfaceDriver.
xlsm0.
67/23/2009ISAandEISAClassDriver.
xlsm0.
47/23/2009KeyboardClassDriver.
doc37/23/2009LSISerialAttachedSCSIDriver.
doc37/23/2009MicrosoftSystemManagementBIOSDriver.
xlsm0.
27/23/2009MonitorClassFunctionDriver.
xlsm0.
47/23/2009MouseClassDriver.
doc37/23/2009NULLDriver.
doc37/23/2009ParallelPortDriver.
doc37/23/2009PartitionManager.
doc47/23/2009PlugandPlayPCIEnumerator.
doc37/23/2009PlugandPlaySoftwareDeviceEnumerator.
doc176/3/2009PnPDiskDriver.
doc37/23/2009PNPISABusDriver.
doc37/23/2009ProcessorDeviceDriver.
doc37/23/2009SCSICD-ROMDriver.
doc47/23/2009SCSIClassSystemDLL.
doc47/23/200920SCSIPortDriver.
doc177/23/2009SCSITapeClassDriver.
doc117/23/2009SerialDeviceDriver.
doc37/23/2009SerialPortEnumerator.
doc37/23/2009SmartCardDriverLibrary.
doc37/23/2009StoragePortDriver.
doc187/23/2009USB1.
1&2.
0PortDriver.
doc37/23/2009USBCCIDDriver.
doc37/23/2009USBCommonClassGenericParentDriver.
doc37/23/2009USBHostControllerInterfaceMiniportDrivers.
doc37/23/2009USBMassStorageDriver.
doc37/23/2009USBMiniportDriverforInputDevices.
doc37/23/2009USBRootHubDriver.
doc37/23/2009UserModeBusEnumerator.
xlsm0.
37/23/2009VDMParallelDriver0.
57/23/2009VGASuperVGAVideoDriver.
doc37/23/2009VIAIDEMiniportDriver0.
37/23/2009VideoPortDriver.
doc37/23/2009VolumeShadowCopyDriver.
doc47/23/2009WatchdogDriver.
doc37/23/2009WMIforACPIDriver.
doc37/23/2009I/OFileComponentCDROMFileSystem.
doc57/24/2009EncryptingFileSystem.
doc27/24/2009FastFatFileSystem.
doc37/24/2009FileInformationFSMini-Filter.
xlsm0.
067/24/2009MailslotDriver.
doc227/24/2009NPFSDriver.
doc267/24/2009NTFileSystemDriver.
doc67/24/2009UDFFileSystemDriver.
doc27/24/2009VolumeManagerDriver.
xlsm0.
097/24/2009I/ONetworkComponentAncillaryFunctionDriverforWinSock.
doc47/24/2009BowserDriver.
doc37/24/2009ClientSideChachingDriver.
xlsm0.
077/24/2009DistributedFileClient.
xlsm0.
077/24/2009DistributedFileSystemFilterDriver.
doc57/24/2009FWPkClntExportDriver.
xlsm0.
037/24/2009HTTPDriver.
doc77/24/2009IPFilterDriver.
doc47/24/2009IPinIPEncapsulationDriver.
doc27/24/2009LoopbackNetworkDriver.
doc37/24/2009MultipleUNCProviderandDFSClient.
doc47/24/2009NDIS5.
1WrapperDriver.
doc57/24/2009NDISUserModeIODriver.
xlsm0.
047/24/2009NetBTTransportDriver.
doc87/24/200921NetworkStoreInterfaceProxyDriver.
xlsm0.
077/24/2009QosPacketScheduler.
xlsm0.
047/24/2009RDBSS.
doc237/24/2009RemoteNDISMiniport.
doc37/24/2009ServerDriver.
doc47/24/2009ServerNetworkDriver.
xlsm0.
057/24/2009SMBMini-Redirector.
doc37/24/2009SMB2.
0Sub-Redirector.
xlsm0.
037/24/2009SMB2.
0ServerDriver.
xlsm0.
057/24/2009SMBTransportDriver.
doc97/24/2009TCPIPProtocolDriver.
xlsm0.
067/24/2009TDITranslationDriver(TDX).
xlsm0.
057/24/2009TDIWrapper.
doc47/24/2009WebDavMiniRedirector.
doc47/24/2009Winsock2IFSLayerDriver.
doc37/24/2009NetworkSupportComponentCOM+ConfigurationCatalogServer.
doc157/24/2009COM+EventSystemService.
doc77/24/2009COM+Services.
doc77/24/2009DHCPService.
doc87/24/2009DistributedCOMServices.
doc57/24/2009DomainNameService.
doc67/24/2009InternetExtensionsforWin32.
doc37/24/2009InternetKeyExhange.
xlsm0.
077/24/2009IPHelperService.
xlsm0.
056/30/2009NetworkConnectionsManager.
doc76/24/2009NetworkLocationAwarenessService.
doc97/24/2009RPCEndpointMapper.
doc77/24/2009RPCLocator.
doc37/24/2009SimpleTCPIPServicesServiceDLL.
doc37/24/2009TCPIPNetBIOSTransportService.
doc37/24/2009TCPIPServicesApplication.
doc37/24/2009WebDAVServiceDLL.
doc197/24/2009OSSupportComponentBITSService127/24/2009DistributedFileSystemService.
doc67/24/2009PrintSpooler.
doc77/24/2009RemovableStorageManager.
doc57/24/2009SessionManager.
doc27/24/2009WMIAdapterService.
xlsm0.
047/24/2009WMIProviderHost.
doc77/24/2009WMIService.
doc267/24/2009SecurityComponentActiveDirectoryReplicationManagement.
doc57/24/2009CoreDirectoryService.
doc37/24/2009CredentialManager.
doc67/24/200922DataProtectionAPI.
doc57/24/2009DirectoryServicesRoleManagement.
doc57/24/2009EncryptingFileSystemService.
doc87/24/2009IFXCardM.
xlsm0.
027/24/2009Inter-SiteMessaging.
doc47/24/2009IPSecSPDServer.
doc396/24/2009KDCService.
doc47/24/2009KerberosSecurityPackage.
doc37/24/2009KeyIsolationService.
xlsm0.
067/24/2009LDAP.
doc47/24/2009LSAAudit.
doc37/24/2009LSAAuthentication.
doc47/24/2009LSAPolicy.
doc57/24/2009MAPIBasedDirectoryRequest.
doc47/24/2009MicrosoftAuthenticationPackagev1.
0.
doc47/24/2009MicrosoftBaseSmartCardCryptoProvider.
doc27/24/2009MicrosoftDigestAccess.
doc97/24/2009MicrosoftSmartCardKeyStorageProvider.
xlsm0.
037/24/2009NetLogonServicesDLL.
doc67/24/2009NTDSBackupandRestore.
doc47/24/2009PKITrustInstallationandSetup.
doc37/24/2009ProtectedStorageServer.
doc37/24/2009SAMServer.
doc77/24/2009SecondaryLogonService.
doc47/24/2009TLS-SSLSecurityProvider.
doc37/24/2009TrustSigningAPIs.
doc37/24/2009WindowsCryptographicPrimitivesLibrary.
xlsm0.
047/24/2009ServicesComponentApplicationExperienceLookupService.
doc67/24/2009ApplicationInformationService.
xlsm0.
047/24/2009ComputerBrowserService.
doc37/24/2009CryptographicServices.
doc67/24/2009DesktopWindowManager.
xlsm0.
067/24/2009FileReplicationService.
doc67/24/2009GenericHostProcessforWin32Services.
doc27/24/2009InteractiveServiceDetectionforSession0.
xlsm0.
037/24/2009Non-COMWMIEventProvisionAPIs.
doc57/24/2009RemoteRegistryService.
doc47/24/2009ServerServiceDLL.
doc47/24/2009ServicesandControllerApp.
doc77/24/2009SmartCardResourceManagementServer.
doc57/24/2009Superfetch.
doc57/24/2009SystemEventNotificationService.
doc27/24/2009TaskEngine.
xlsm0.
037/24/2009UPnPDeviceHost.
doc27/24/2009User-ModePlug-and-PlayService.
doc287/24/200923UserProfileService.
xlsm0.
067/24/2009VirtualDiskService.
doc67/24/2009VolumeShadowCopyService.
doc37/24/2009WindowsEventLogService.
xlsm0.
067/24/2009WindowsInstallerService.
doc47/24/2009WindowsSecurityCenterService.
doc57/24/2009WindowsSecurityConfigurationEditorEngine.
doc37/24/2009WindowsShellServicesDLL.
doc57/24/2009WindowsTimeService.
doc57/24/2009WindowsUpdateClient47/24/2009WorkstationService.
doc47/24/2009Win32ComponentBaseServer.
doc27/24/2009ClientServerRuntimeProcess.
doc27/24/2009WindowsServerDLL.
doc47/24/2009WindowsFirewallComponentApplicationLayerGatewayService.
doc37/24/2009BaseFilteringEngineService.
xlsm0.
097/24/2009HomeNetworkingConfigurationManager.
doc37/24/2009IPNetworkAddressTranslator.
doc37/24/2009MACBridgeDriver.
doc37/24/2009NATHelper.
doc37/24/2009WinLogonComponentAutoEnrollment.
doc127/24/2009GroupPolicyObjectProcessing.
doc47/24/2009GroupPolicy.
doc47/24/2009LocalSessionManager.
xlsm0.
077/24/2009Syskey.
doc37/24/2009TrustVerificationAPIs.
doc37/24/2009TrustedInstaller.
xlsm0.
057/24/2009UserEnvironment.
doc47/24/2009WindowsFileProtection.
doc37/24/2009WindowsLogonApplication.
doc47/24/2009WindowsLoader.
xlsm0.
037/24/2009WinInit.
xlsm0.
057/24/2009WindowsSmartcardCredentialProvider.
xlsm0.
047/24/2009AdminToolsatexe.
doc0.
47/24/2009auditpol.
doc0.
37/24/2009Auth_Mgr_GUI.
doc1.
37/24/2009Backup_and_Restore.
doc0.
27/24/2009BitLocker0.
47/24/2009CertificationAuthorityGUI.
doc0.
87/24/2009cipher.
exe.
doc0.
27/24/2009COM+Applications.
doc0.
57/24/2009ComputerManagement.
doc0.
27/24/200924DataExecutionPreventionforSysdm27/24/2009DataExecutionPreventionforWMIC0.
27/24/2009Date_and_Time.
doc0.
37/24/2009DCOMConfig.
doc0.
27/24/2009Default_Group_Policy_Object_Restore_Utility.
doc0.
27/24/2009DeviceManager.
doc0.
27/24/2009DHCPSnap-in.
doc0.
27/24/2009DiskManagement.
doc0.
27/24/2009DiskQuotaGUI.
doc0.
37/24/2009DNSSnap-in.
doc0.
27/24/2009DomainsandTrusts.
doc27/24/2009Driver_Verifier_Manager.
doc0.
27/24/2009efsadu.
doc0.
37/24/2009EventViewer.
doc0.
27/24/2009Explorer.
doc0.
27/24/2009GroupPolicyRefresh.
doc0.
27/24/2009GroupPolicy.
doc0.
87/24/2009IIS_Manager_GUI.
doc0.
27/24/2009InitialConfigurationTasksandServerManager0.
27/24/2009IPSecSettingsGUISpec.
doc27/24/2009IPv6MonitorDLL.
doc0.
27/24/2009Network.
doc0.
27/24/2009NetworkConnectionsManager87/24/2009NetworkID.
doc0.
27/24/2009OUDelegation.
doc0.
27/24/2009PrintersGUI.
doc0.
47/24/2009Registry_Editor.
doc0.
27/24/2009RSoP.
doc0.
27/24/2009SAMLockTool.
doc0.
27/24/2009ScheduledTasksCLITool.
doc0.
27/24/2009SCWcmd.
exe.
doc0.
27/24/2009SecurityConfigEditor.
doc0.
27/24/2009SecurityPolicyGUI.
doc1.
97/24/2009SecurityPolicyUI0.
27/24/2009Security_Config_Wiz.
doc0.
27/24/2009Services.
doc0.
27/24/2009Session_Locking.
doc0.
27/24/2009SFC.
doc27/24/2009Share_a_Folder_Wizard.
doc0.
27/24/2009SigverifDesignSpec.
doc0.
27/24/2009SitesandServices.
doc0.
77/24/2009TaskScheduler.
doc0.
27/24/2009UserAccountControl0.
27/24/2009UsersandGroups.
doc0.
27/24/2009VirtualDiskService0.
27/24/2009VolumeShadowCopyServiceCommandLine.
doc0.
27/24/200925WindowsMngtInfra(WMI).
doc0.
27/24/2009Windows_Firewall_GUI.
doc37/24/2009
0NationalInstituteofStandardsandTechnologyNationalSecurityAgencyInformationTechnologyLaboratoryInformationAssuranceDirectorate100BureauDrive9800SavageRoadSTE6757Gaithersburg,MD20899FortGeorgeG.
Meade,MD20755-6757TMiiACKNOWLEDGEMENTSJamesDonndelingerValidationTeamAerospaceCorporationColumbia,MDShaunGilmoreNationalSecurityAgencyFt.
Meade,MDTonyAptedCommonCriteriaTestingLaboratoryTammyComptonTerrieDiazEvePierreQuangTrinhScienceApplicationsInternationalCorporationColumbia,MarylandiiiTableofContents1ExecutiveSummary.
12Identification.
23ArchitecturalInformation33.
1TOEOverview.
33.
2TOEPhysicalBoundaries.
43.
3TOELogicalBoundary.
53.
3.
1SecurityAudit.
53.
3.
2UserDataProtection.
53.
3.
3IdentificationandAuthentication53.
3.
4SecurityManagement63.
3.
5CryptographicProtection.
63.
3.
6ProtectionofTOESecurityFunctions.
63.
3.
7ResourceUtilization.
63.
3.
8SessionLocking.
74Assumptions.
75Documentation.
75.
1ConfigurationManagement85.
2DeliveryandOperation.
85.
3DesignDocumentation.
85.
4GuidanceDocumentation.
85.
5LifeCycle.
85.
6Testing.
85.
7VulnerabilityAssessment106ITProductTesting116.
1DeveloperTesting.
116.
2EvaluationTeamIndependentTesting116.
3VulnerabilityAnalysis117EvaluatedConfiguration.
118ResultsoftheEvaluation128.
1EvaluationoftheSecurityTarget(ASE)138.
2EvaluationoftheConfigurationManagementCapabilities(ACM)138.
3EvaluationoftheDeliveryandOperationDocuments(ADO)138.
4EvaluationoftheDevelopment(ADV)138.
5EvaluationoftheGuidanceDocuments(AGD)148.
6EvaluationoftheTestDocumentationandtheTestActivity(ATE)148.
7VulnerabilityAssessmentActivity(AVA)148.
8SummaryofEvaluationResults.
149ValidatorComments/Recommendations1410Annexes.
1511SecurityTarget.
1512Glossary1613Bibliography1614DesignDocumentationListing1711ExecutiveSummaryThisreportdocumentstheassessmentoftheNationalInformationAssurancePartnership(NIAP)validationteamoftheevaluationofMicrosoftWindowsVistaandWindowsServer2008.
Itpresentstheevaluationresults,theirjustifications,andtheconformanceresults.
ThisValidationReportisnotanendorsementoftheTargetofEvaluationbyanyagencyoftheU.
S.
government,andnowarrantyiseitherexpressedorimplied.
TheevaluationwasperformedbytheScienceApplicationsInternationalCorporation(SAIC)CommonCriteriaTestingLaboratory(CCTL)inColumbia,Maryland,UnitedStatesofAmerica,aswellasevaluatorsfromtheNationalSecurityAgency(NSA)andwascompletedinAugust2009.
TheinformationinthisreportislargelyderivedfromtheEvaluationTechnicalReport(ETR)andassociatedtestreports,writteninpartbySAICandinpartbyNSA.
TheevaluationdeterminedthattheproductisbothCommonCriteriaPart2ExtendedandPart3Conformant,andmeetstheassurancerequirementsofEAL4augmentedwithALC_FLR.
3,AVA_VLA.
3.
TheTargetofEvaluation(TOE)isWindowsVistaandWindowsServer2008providedbyMicrosoft,Corp.
WindowsVistaandWindowsServer2008arepreemptivemultitasking,multiprocessor,andmulti-useroperatingsystems.
Ingeneral,operatingsystemsprovideuserswithaconvenientinterfacetomanageunderlyinghardware.
Theycontroltheallocationandmanagecomputingresourcessuchasprocessors,memory,andInput/Output(I/O)devices.
WindowsVistaandWindowsServer2008expandthesebasicoperatingsystemcapabilitiestocontrollingtheallocationandmanaginghigherlevelITresourcesincludingsecurityprincipals(userandmachineaccounts),files,printingobjects,services,windowstation,desktops,cryptographickeys,networkports/traffics,directoryobjects,andwebcontent.
Multi-useroperatingsystemssuchasWindowsVistaandWindowsServer2008,keeptrackofwhichuserisusingwhichresource,grantresourcerequests,accountforresourceusage,andmediateconflictingrequestsfromdifferentprogramsandusers.
TheTargetofEvaluation(TOE)identifiedinthisValidationReporthasbeenevaluatedinpartataNIAPapprovedCommonCriteriaTestingLaboratoryusingtheCommonMethodologyforITSecurityEvaluation(Version2.
3)andinpartbyNSAforconformancetotheCommonCriteriaforITSecurityEvaluation(Version2.
3).
ThisValidationReportappliesonlytothespecificversionoftheTOEasevaluated.
TheevaluationhasbeenconductedinaccordancewiththeprovisionsoftheNIAPCommonCriteriaEvaluationandValidationSchemeandNSAandtheconclusionsofthetestinglaboratoryintheevaluationtechnicalreportareconsistentwiththeevidenceprovided.
Thevalidationteammonitoredtheactivitiesoftheevaluationteam,observedevaluationtestingactivities,providedguidanceontechnicalissuesandevaluationprocesses,andreviewedtheindividualworkunitsandsuccessiveversionsoftheETR.
ThevalidationteamfoundthattheevaluationshowedthattheproductsatisfiesallofthefunctionalrequirementsandassurancerequirementsstatedintheSecurityTarget(ST).
Thereforethevalidationteamconcludesthatthetestinglaboratory'sfindingsareaccurate,theconclusionsjustified,andtheconformanceresultsarecorrect.
Theconclusionsofthetestinglaboratoryintheevaluationtechnicalreportareconsistentwiththeevidenceproduced.
2BasedupontheworkoftheSAICevaluationteamandNSAevaluationteam,theCCEVSconcludedthattheCommonCriteriarequirementsforEvaluationAssuranceLevel(EAL4)augmentedwithALC_FLR.
3havebeenmet.
ThetechnicalinformationincludedinthisreportwasobtainedfromtheWindowsVistaandWindowsServer2008SecurityTargetandanalysisperformedbytheValidationTeam.
2IdentificationTheCCEVSisajointNationalSecurityAgency(NSA)andNationalInstituteofStandardsefforttoestablishcommercialfacilitiestoperformtrustedproductevaluations.
Underthisprogram,securityevaluationsareconductedbycommercialtestinglaboratoriescalledCommonCriteriaTestingLaboratories(CCTLs)usingtheCommonEvaluationMethodology(CEM)forEvaluationAssuranceLevel(EAL)1through4inaccordancewithNationalVoluntaryLaboratoryAssessmentProgram(NVLAP)accreditation.
TheNIAPValidationBodyassignsValidatorstomonitortheCCTLstoensurequalityandconsistencyacrossevaluations.
DevelopersofinformationtechnologyproductsdesiringasecurityevaluationcontractwithaCCTLandpayafeefortheirproduct'sevaluation.
Uponsuccessfulcompletionoftheevaluation,theproductisaddedtoNIAP'sValidatedProductsList.
Table1providesinformationneededtocompletelyidentifytheproduct,including:TheTargetofEvaluation(TOE):thefullyqualifiedidentifieroftheproductasevaluated.
TheSecurityTarget(ST),describingthesecurityfeatures,claims,andassurancesoftheproduct.
Theconformanceresultoftheevaluation.
TheProtectionProfiletowhichtheproductisconformant.
Theorganizationsandindividualsparticipatingintheevaluation.
Table1:EvaluationIdentifiersItemIdentifierEvaluationSchemeUnitedStatesNIAPCommonCriteriaEvaluationandValidationSchemeTOE:WindowsVistaandWindowsServer2008ProtectionProfileControlledAccessProtectionProfile,Version1.
d,NationalSecurityAgency,8October1999ST:WindowsVistaandWindowsServer2008SecurityTarget,Version1.
0,July24,2009EvaluationTechnicalReportEvaluationTechnicalReportForWindowsVistaandWindowsServer2008(Proprietary),Version2.
0,August3,2009CCVersionCommonCriteriaforInformationTechnologySecurityEvaluation,Version2.
3ConformanceResultCCPart2extended,CCPart3conformant3ItemIdentifierSponsorMicrosoftCorporationDeveloperMicrosoftCorporationCommonCriteriaTestingLab(CCTL)SAIC,Columbia,MDCCEVSValidatorsJamesDonndelinger,AerospaceCorporation,Columbia,MDShaunGilmore,NationalSecurityAgency,Ft.
Meade,MD3ArchitecturalInformationNote:ThefollowingarchitecturaldescriptionisbasedonthedescriptionpresentedintheSecurityTarget.
3.
1TOEOverviewWindowsVistaandWindowsServer2008areoperatingsystemsthatsupportsbothworkstationandserverinstallations.
TheTOEincludesfourproductvariantsofWindowsVistaandWindowsServer2008:WindowsVistaEnterprise,WindowsServer2008Standard,WindowsServer2008Enterprise,andWindowsServer2008Datacenter.
TheserverproductsadditionallyprovideDCfeaturesincludingtheActiveDirectoryandKerberosKeyDistributionCenter(KDC).
TheserverproductsintheTOEalsoprovideInternetInformationServices(IIS),CertificateServices,RPCoverHTTPProxy,FileReplication,DirectoryReplication,DomainNameSystem(DNS),DynamicHostConfigurationProtocol(DHCP),DistributedFileSystem(DFS)service,andRemovableStorageManager.
Allvariantsincludethesamesecurityfeatures.
Theprimarydifferencebetweenthevariantsisthenumberofusersandtypesofservicestheyareintendedtosupport.
WindowsVistaissuitedforbusinessdesktopsandnotebookcomputers(notethatonlydesktopsareincludedintheevaluatedconfiguration);itistheworkstationproduct.
Designedfordepartmentalandstandardworkloads,WindowsServer2008Standarddeliversintelligentfileandprintersharing;secureconnectivitybasedonInternettechnologies,andcentralizeddesktoppolicymanagement.
WindowsServer2008EnterprisediffersfromWindowsServer2008Standardprimarilyinitssupportforhigh-performanceserversforgreaterloadhandling.
Thesecapabilitiesprovidereliabilitythathelpsensuresystemsremainavailable.
WindowsServer2008Datacenterprovidesthenecessaryscalableandreliablefoundationtosupportmission-criticalsolutionsfordatabases,enterpriseresourceplanningsoftware,high-volume,real-timetransactionprocessing,andserverconsolidation.
ThesecurityfeaturesaddressedbythissecuritytargetarethoseprovidedbyWindowsVistaandWindowsServer2008asoperatingsystems.
MicrosoftprovidesseveralWindowVistaandWindowsServer2008softwareapplicationsthatareconsideredoutsidethescopeofthedefinedTOEandthusnotpartoftheevaluatedconfiguration.
Servicesoutsidethisevaluationinclude:e-mailservice,TerminalService,MicrosoftMessageQueuing,RightManagementService,ReadyBoost,andsupportforMultipleConcurrentUsers(e.
g.
,quick4userswitching).
ThefeaturesidentifiedanddescribedinthissectionareincludedintheTOEandassucharewithinthescopeoftheevaluation.
ThefollowingtablesummarizestheTOEconfigurationsincludedintheevaluation.
WindowsVistaEnterprise(32bitand64bit)WindowsServer2008Standard(64bit)WindowsServer2008Enterprise(64bit)WindowsServer2008DatacenterSingleProcessorXXXN/AMultipleProcessorXXXXStand-aloneXXXXDomainMemberXXXXDomainControllerN/AN/AXXVariationsasaDomainElement2242TotalVariations44633.
2TOEPhysicalBoundariesPhysically,eachTOEworkstationorserverconsistsofanx86orx64machineorequivalentprocessor(fromtheIntelCeleron,IntelPentium,IntelCore2,AMDSempron,AMDAthlon,orAMDPhenomprocessorfamilies)withuptofour(4)CPUsforastandardServerproduct,uptoeight(8)CPUsfortheEnterpriseServerproduct,andupto32CPUsfortheDatacenterproduct.
Asetofdevicesmaybeattachedandtheyarelistedasfollows:DisplayMonitor,Keyboard,Mouse,CD-ROMDriveFixedDiskDrives,Printer,AudioAdaptor,NetworkAdaptor,andSmartCardReader.
5TheTOEdoesnotincludeanyphysicalnetworkcomponentsbetweennetworkadaptorsofaconnection.
TheSTassumesthatanynetworkconnections,equipment,andcablesareappropriatelyprotectedintheTOEsecurityenvironment.
3.
3TOELogicalBoundaryThissectionidentifiesthesecurityfunctionsthattheTSFprovides.
SecurityAuditUserdataprotectionIdentificationandauthenticationSecuritymanagementCryptographicprotectionProtectionoftheTOESecurityFunctionsResourceUtilizationSessionLocking3.
3.
1SecurityAuditWindowsVistaandWindowsServer2008havetheabilitytocollectauditdata,reviewauditlogs,protectauditlogsfromoverflow,andrestrictaccesstoauditlogs.
Auditinformationgeneratedbythesystemincludesdateandtimeoftheevent,userwhocausedtheeventtobegenerated,computerwheretheeventoccurred,andothereventspecificdata.
Authorizedadministratorscanreviewauditlogs.
3.
3.
2UserDataProtectionWindowsVistaandWindowsServer2008protectuserdatabyenforcingseveralaccesscontrolpolicies(DiscretionaryAccessControl,MandatoryIntegrityControl,EncryptingFileSystem,WEBUSERandwebcontentprovideraccesscontrol)andseveralinformationflowpolicies(IPSecfilterinformationflowcontrol,WindowsFirewall);and,objectandsubjectresidualinformationprotection.
WindowsVistaandWindowsServer2008useaccesscontrolmethodstoallowordenyaccesstoobjects,suchasfiles,directoryentries,printers,andwebcontent.
WindowsVistaandWindowsServer2008usesinformationflowcontrolmethodstocontroltheflowofIPtrafficandpackets.
Itauthorizesaccesstotheseresourceobjectsthroughtheuseofsecuritydescriptors(SDs,whicharesetsofinformationidentifyingusersandtheirspecificaccesstoresourceobjects),webpermissions,IPfilters,andportmappingrules.
WindowsVistaandWindowsServer2008alsoprotectsuserdatabyensuringthatresourcesexportedtouser-modeprocessesdonothaveanyresidualinformation.
3.
3.
3IdentificationandAuthenticationWindowsVistaandWindowsServer2008requireeachusertobeidentifiedandauthenticated(usingpasswordorsmartcard)priortoperforminganyfunctions.
An6interactiveuserinvokesatrustedpathinordertoprotecthisI&Ainformation.
WindowsVistaandWindowsServer2008maintaindatabasesofaccountsincludingtheiridentities,authenticationinformation,groupassociations,andprivilegeandlogonrightsassociations.
WindowsVistaandWindowsServer2008includeasetofaccountpolicyfunctionsthatincludetheabilitytodefineminimumpasswordlength,numberoffailedlogonattempts,durationoflockout,andpasswordage.
3.
3.
4SecurityManagementWindowsVistaandWindowsServer2008includeanumberoffunctionstomanagepolicyimplementation.
Policymanagementiscontrolledthroughacombinationofaccesscontrol,membershipinadministratorgroups,andprivileges.
3.
3.
5CryptographicProtectionWindowsVistaandWindowsServer2008provideFIPS-140-2validatedcryptographicfunctionsthatsupportencryption/decryption,cryptographicsignatures,cryptographichashing,cryptographickeyagreement,andrandomnumbergeneration.
TheTOEadditionallyprovidessupportforpublickeys,credentialmanagementandcertificatevalidationfunctionsandprovidessupportfortheNationalSecurityAgency'sSuite,Bcryptoalgorithms.
TheTOEalsoprovidesextensiveauditingsupportinsupportofcryptorequirements,supportforreplaceablerandomnumbergenerators,andakeyisolationservicedesignedtolimitthepotentialexposureofsecretandprivatekeys.
3.
3.
6ProtectionofTOESecurityFunctionsWindowsVistaandWindowsServer2008provideanumberoffeaturestoensuretheprotectionofTOEsecurityfunctions.
WindowsVistaandWindowsServer2008protectsagainstunauthorizeddatadisclosureandmodificationbyusingasuiteofInternetstandardprotocolsincludingIPSecandISAKMP.
WindowsVistaandWindowsServer2008ensureprocessisolationsecurityforallprocessesthroughprivatevirtualaddressspaces,executioncontextandsecuritycontext.
TheWindowsVistaandWindowsServer2008datastructuresdefiningprocessaddressspace,executioncontext,memoryprotection,andsecuritycontextarestoredinprotectedkernel-modememory.
BitLockerprotectsharddrivedatabyprovidingSecureStartup(integritycheckingofearlybootcomponents)andFullVolumeEncryption(FVE).
FVEprotectsdatabyencryptingentirediskvolumes;inthecaseoftheWindowsoperatingsystemvolume,thisincludestheswapandhibernationfiles.
SecureStartupprovidesintegritycheckingoftheearlybootcomponents,ensuringthatFVEdecryptionisperformedonlyifthosecomponentsarefoundtobeunchangedandtheencrypteddriveislocatedintheoriginalcomputer.
3.
3.
7ResourceUtilizationWindowsVistaandWindowsServer2008canlimittheamountofdiskspacethatcanbeusedbyanidentifieduserorgrouponaspecificdiskvolume.
Eachvolumehasasetofpropertiesthatcanbechangedonlybyamemberoftheadministratorgroup.
These7propertiesallowanauthorizedadministratortoenablequotamanagement,specifyquotathresholds,andselectactionswhenquotasareexceeded.
3.
3.
8SessionLockingWindowsVistaandWindowsServer2008providetheabilityforausertolocktheirsessionimmediatelyorafteradefinedinterval.
Itconstantlymonitorsthemouseandkeyboardforactivityandlockstheworkstationafterasetperiodofinactivity.
WindowsVistaandWindowsServer2008allowanauthorizedadministratortoconfigurethesystemtodisplayalogonbannerthatdescribesusagepoliciesbeforethelogondialog.
4AssumptionsThefollowingassumptionsweremadeduringtheevaluationofWindowsVistaandWindowsServer2008:Allconnectionstoperipheraldevicesresidewithinthecontrolledaccessfacilities.
TheTOEonlyaddressessecurityconcernsrelatedtothemanipulationoftheTOEthroughitsauthorizedaccesspoints.
Internalcommunicationpathstoaccesspointssuchasterminalsareassumedtobeadequatelyprotected.
AnyothersystemswithwhichtheTOEcommunicatesareassumedtobeunderthesamemanagementcontrolandoperateunderthesamesecuritypolicyconstraints.
TheTOEisapplicabletonetworkedordistributedenvironmentsonlyiftheentirenetworkoperatesunderthesameconstraintsandresideswithinasinglemanagementdomain.
Therearenosecurityrequirementsthataddresstheneedtotrustexternalsystemsorthecommunicationslinkstosuchsystems.
AuthorizeduserspossessthenecessaryauthorizationtoaccessatleastsomeoftheinformationmanagedbytheTOEandareexpectedtoactinacooperatingmannerinabenignenvironment.
TherewillbeoneormorecompetentindividualsassignedtomanagetheTOEandthesecurityoftheinformationitcontains.
Thesystemadministrativepersonnelarenotcareless,willfullynegligent,orhostile,andwillfollowandabidebytheinstructionsprovidedbytheadministratordocumentation.
TheprocessingresourcesoftheTOEwillbelocatedwithincontrolledaccessfacilitiesthatwillpreventunauthorizedphysicalaccess.
TheTOEhardwareandsoftwarecriticaltosecuritypolicyenforcementwillbeprotectedfromunauthorizedphysicalmodification.
5DocumentationThefollowingdocumentationwasusedasevidencefortheevaluationoftheWindowsVistaandWindowsServer2008:85.
1ConfigurationManagement1.
ValidatedthroughanNSAapprovedevaluationprocess5.
2DeliveryandOperation1.
MicrosoftWindowsCommonCriteriaEvaluationDocument,version6,July29,20095.
3DesignDocumentation1.
SeetheDesignDocumentationListattheendofthedocument.
5.
4GuidanceDocumentation1.
MicrosoftWindowsCommonCriteriaEvaluationDocument,version6,Tuesday,July29,20092.
WindowsVistaSecurityGuide-http://technet.
microsoft.
com/en-us/library/cc507874.
aspx3.
WindowsServer2008SecurityGuide-http://technet.
microsoft.
com/en-us/library/cc264463.
aspx5.
5LifeCycle1.
ValidatedthroughanNSAapprovedevaluationprocess.
5.
6Testing1.
MicrosoftWindowsCommonCriteriaEvaluationTestPlan,Rev:14,7/29/20092.
64BitKernelDebugSupportTestSuite,Rev:1,11/30/20073.
AccessControl(ACL)TestSuite,Rev:5,07/19/20094.
ACPIDriverTestSuite,,Rev:3,02/09/20095.
AdministratorAccessTestSuite,Rev:22,07/19/20096.
AdvancedLocalProcessCommunicationTestSuite,Rev:4,06/25/20097.
ApplicationCompatibilitySupportTestSuite,Rev:5,06/13/20098.
ApplicationExperienceLookupServiceTestSuite,Rev:2,05/12/20089.
ApplicationInformationServiceTestSuite,Rev:3,04/23/200910.
AuthenticationProviderTestSuite,Rev:1.
3,05/27/200911.
BackgroundIntelligentTransferServiceTestSuite,Rev:11,07/04/200912.
BaseFilteringEngineServiceTestSuite,Rev:2,04/09/200913.
BitsServerISAPIExtensionsTestSuite,Rev:2,04/29/200914.
BowserDriverTestSuite,Rev:1,06/23/200915.
(OS)CertificateServerTestSuite,Rev2.
0,06/04/200916.
ClientSideCachingDriverTestSuite,Rev:4,06/30/200917.
COM+TestSuite,Rev:4,07/06/200918.
COM+EventSystemServiceTestSuite,Rev:2.
1,07/03/2009919.
ComputerBrowserServiceTestSuite,Rev:4,06/04/200920.
ConfigurationManagerTestSuite,Rev:4,07/05/200921.
CredentialManagerTestSuite,Rev:6,06/13/200922.
DataExecutionPreventionTestSuite,Rev:99,04/24/200923.
DesktopWindowManagerTestSuite,Rev:1.
0,07/04/200924.
DevicesTestSuite,Rev:99,04/24/200925.
DirectoryServicesReplicationTestSuite,Rev:2.
1,06/05/200926.
DistributedCOMServicesTestSuite,Rev:2.
1,02/06/200927.
DistributedFileSystemFilterDriverTestSuite,Rev:1,11/22/2006)28.
DistributedFileSystemReplicationServiceTestSuite,Rev:6,02/04/200929.
DistributedTransactionCoordinatorTestSuite,Rev:2,06/19/200930.
EventTracingForWindowsTestSuite,Rev:1,07/05/200931.
ExecutiveObjectServicesTestSuite,Rev:6,07/06/200932.
FileinfoFsMinifilterDriverTestSuite,Rev:2,06/23/200833.
GDITestSuite,Rev2.
1,07/19/200934.
GobyCryptographicTestSuite,Rev:1.
0,06/05/200735.
HandleEnforcementTestSuite,Rev:5,7/19/200936.
HardwareTestSuite,Rev:1,06/12/2009,X64Rev:99,04/24/2009,IA32Rev:99,04/24/2009,IA64Rev:2,05/01/2006)37.
HIDClassLibraryTestSuite,Rev:99,02/17/200638.
HTTPClientTestSuite,Rev:3.
1,06/30/200939.
IISCoadminDLLTestSuite,Rev:1,06/30/200940.
ImpersonationTestSuite,Rev:2.
2,07/24/200941.
InternetKeyExchangeTestSuite,Rev2,06/13/200942.
IPHelperServiceTestSuite,Rev:99,06/12/200943.
IPSECTestSuite,Rev2.
3,08/12/200544.
ISAPIDLLForWebPrintingTestSuite,Rev:1,04/27/200945.
KDCTestSuite,Rev:1.
8,06/02/200946.
KernelDebugManagerTestSuite,Rev:5,06/04/200947.
KernelModeDriverFrameworkTestSuite,Rev:1,05/13/200948.
KernelModeWMITestSuite,Rev:99,06/11/200949.
KernelTransactionManagerTestSuite,Rev:99,04/07/200950.
LDAPTestSuite,Rev:2.
0,06/05/200951.
LocalSessionManagerTestSuite,Rev:1.
0,06/30/200952.
MAPITestSuite,Rev:1.
4,06/30/200953.
MemoryManagerTestSuite,Rev:2,07/05/200954.
MiscellaneousTestSuite,Rev:3.
5,07/05/200955.
MultipleUNCProviderAndDFSClientTestSuite,Rev:2,12/18/200756.
NDIS5.
1WrapperDriverTestSuite,Rev:2,12/18/200757.
NetworkStoreInterfaceProxyTestSuite,Rev:6,04/21/200958.
NetworkSupportTestSuite,Rev:4,07/24/200959.
ObjectManagerTestSuite,Rev:2,03/19/200960.
ObjectReuseTestSuite,Rev2.
1,06/30/200961.
PlugAndPlayManagerTestSuite,Rev:4,01/29/200962.
PowerManagerTestSuite,Rev:5,01/29/200963.
PrivilegeTestSuite,Rev:17,07/19/20091064.
RPCProxyTestSuite,Rev:2,05/30/200665.
RSOPServiceApplicationTestSuite,Rev:9,06/04/200966.
ServerNetworkDriverTestSuite,Rev0.
8,06/12/200967.
SMB2.
0ServerDriverTestSuite,Rev:1,06/03/200968.
SMBMini-RedirectorTestSuite,Rev:5,06/12/200969.
SMBTransportDriverTestSUITE,Rev:2,06/03/200970.
SpecialAccessTestSuite,Rev:34,07/24/200971.
SuperfetchServiceHostRev:2,05/15/200872.
TaskSchedulerEngineTestSuite,Rev:9,05/18/200673.
TcpipDriverTestSuite,06/10/200974.
TDItranslationdriver(TDX)testSuite,Rev:1,04/02/200975.
TDIWrapperTestSuite,Rev:2,04/15/200876.
TokenTestSuite,Rev:1.
8,06/06/200977.
TPMBaseServicesTestSuite,Rev:99,01/23/200978.
TrustedInstallerTestSuite,Rev:4,02/16/2000979.
USB1.
1&2.
0PortDriverTestSuite,Rev:1,06/11/200980.
USBMassStorageTestSuite,Rev:4,06/12/200981.
UserTestSuite,Rev1.
4,07/05/200982.
UserModeDriverFrameworkReflectorTestSuite,Rev:1,06/26/200983.
UserProfileServiceTestSuite,Rev:4,07/04/200984.
VDMParallelDriverTestSuite,Rev:99,06/23/200985.
VirtualDiskServiceTestSuite,Rev:1,06/03/200986.
VirtualDosMachineTestSuite,Rev:2,02/06/200887.
VolumeManagerDriverTestSuite,Rev:99,04/02/200988.
VolumeShadowCopyDriverTestSuite,Rev:1.
6/11/200989.
WindowsCryptographicPrimitivesLibraryTestSuite,Rev:1,06/10/200990.
WindowsEventLogServiceTestSuite,Rev:1,06/10/200991.
WindowsFirewallTestSuite,Rev1,06/30/200992.
WindowsOSStartupTestSuite,Rev:2,02/24/200993.
WindowsTimeServiceTestSuite,Rev:1,05/25/200994.
WindowsUpdateAutoupdateEngineTestSuite,Rev:1.
1,06/10/200995.
WindowsUpdateAutoupdateServiceTestSuite,Rev:1,11/08/2006)96.
WMIProviderHostTestSuite,Rev:1,07/01/200997.
TestCode98.
ActualTestResults5.
7VulnerabilityAssessment1.
WindowsVistaandWindowsServer2008MisuseAnalysisVersion0.
2,July6,20092.
MicrosoftWindows2008/VistaStrengthofFunctionAnalysis(AVA_SOF),Version0.
1,31January2009116ITProductTestingThissectiondescribesthetestingeffortsofthedeveloperandtheEvaluationTeam.
ItisderivedfrominformationcontainedintheEvaluationTeamTestReportfortheWindowsVistaandWindowsServer2008,Version1.
0,July31,2009.
6.
1DeveloperTestingThedevelopertestedtheinterfacesidentifiedinthefunctionalspecificationandmappedeachtesttothesecurityfunctiontested.
ThescopeofthedevelopertestsincludedallTOESecurityFunctionsandtheentireTSFInterface(TSFI).
Wheretestingwasnotpossible,codeanalysiswasusedtoverifytheTSFIbehavior.
Theevaluationteamdeterminedthatthedeveloper'sactualtestresultsmatchedthevendor'sexpectedresults6.
2EvaluationTeamIndependentTestingTheevaluationteamensuredthattheTOEperformedasdescribedinthedesigndocumentationanddemonstratedthattheTOEenforcestheTOEsecurityfunctionalrequirements.
Specifically,theevaluationteamensuredthatthedevelopertestdocumentationsufficientlyaddressesthesecurityfunctionsasdescribedinthesecuritytargetandtheTSFIasdescribedintheFunctionalSpecification.
ItshouldbenotedthattheTSFItestingwaslimitedtotestingsecuritychecksfortheinterface.
TheTSFIinputparameterswerenotexercisedforerroneousandanomalousinputs.
Theevaluationteamperformedasampleofthedeveloper'stestSuite,anddevisedanindependentsetofteamtests.
Theevaluationteamdeterminedthatthevendor'stestSuite,wascomprehensive.
ThustheindependentsetofCCTLdevelopedteamtestswaslimited.
Atotaloftwentyfour(24)teamtestsweredevisedandcoveredthefollowingareas:ResidualInformationProtection,TSFSecurityFunctionsManagement,TOESecurityBanners,SessionLocking,Identification&Authentication,TOEAccessRestriction,andAccessControlonEncryptedFiles.
6.
3VulnerabilityAnalysisAdditionaltestingtoaddresstheAVA_VLA.
3requirementswasperformedbytheNationalSecurityAgency(NSA)andcompletedinAugust2009.
UsingtheresultsoftheevaluationbytheCCTLevaluationteam,theNSAevaluationteaminstalledtheTOEevaluatedconfigurationandconductedAVA_VLA.
3vulnerabilitytesting.
TheNSAteamutilizedthesamecategoryoftoolsusedbytheCCTLforpenetrationtesting,aswellasin-housedevelopedtools,whichenabledtheteamtodeterminethattheTOEwasresistanttopenetrationattacksperformedbyattackerswithhighattackpotential.
7EvaluatedConfigurationTheevaluatedconfigurationwastestedintheconfigurationidentifiedinthissection.
Theevaluationresultsarevalidforthevariousrealizablecombinationsofconfigurationsofhardwareandsoftwarelistedinthissection.
AhomogeneousWindowssystemconsistingofvariousServers,DomainControllers,andWorkstationsusingthevarioushardwareand12softwarelistedinthissectionmaintainsitssecurityratingwhenoperatedusingthesecureusageassumptionslistedinSection4ofthisvalidationreport.
TOESoftwareIdentification–ThefollowingWindowsOperatingSystems(OS'):MicrosoftWindowsVistaEnterpriseEdition(32-bitand64-bitversions)MicrosoftWindowsServer2008StandardEdition(64-bitversion)MicrosoftWindowsServer2008EnterpriseEdition(64-bitversion)MicrosoftWindowsServer2008DatacenterEditionThefollowingsecurityupdatesandpatchesmustbeappliedtotheaboveVistaproducts:Allsecurityupdatesasof9June2009,excludingtheServicePack2update.
ThefollowingsecurityupdatesmustbeappliedtotheaboveWindowsServer2008products:Allsecurityupdatesasof9June2009,excludingtheServicePack2update.
TOEHardwareIdentification–Thefollowinghardwareplatformsareincludedintheevaluatedconfiguration:DellOptiplex755,3.
0GHzIntelCore2DuoE8400,64-bitDellPowerEdgeSC1420,3.
6GHzIntelXeonProcessor(1CPU),32-bitDellPowerEdge1800,3.
2GHzIntelXeonProcessor(1CPU),32-bitDellPowerEdge2970,1.
7GHzquadcoreAMDOpteron2344Processor(2CPUs),64-bitHPProliantDL385G5,2.
1GHzquadcoreAMDOpteron2352Processor(2CPUs),64-bitHPProliantDL385,2.
6GHzAMDOpteron252Processor(2CPUs),64-bitUnisysES7000Model7600R,2.
6GHzIntelXeon(6-core)(8CPUs),64-bitGemPlusGemPCTwinUSBsmartcardsTousetheproductintheevaluatedconfiguration,theproductmustbeconfiguredasspecifiedintheMicrosoftWindowsCommonCriteriaEvaluationDocument,version6,July29,2009.
8ResultsoftheEvaluationTheresultsoftheassurancerequirementsaregenerallydescribedinthissectionandarepresentedindetailintheproprietaryETR.
ThereaderofthisdocumentcanassumethatallEAL4augmentedwithALC_FLR.
3andAVA_VLA.
3workunitsreceivedapassingverdict.
Averdictforanassurancecomponentisdeterminedbytheresultingverdictsassignedtothecorrespondingevaluatoractionelements.
TheevaluationwasconductedbaseduponCCversion2.
3andCEMversion2.
3[5],[6].
TheevaluationdeterminedtheWindows13VistaandWindowsServer2008TOEtobePart2extended,andtomeetthePart3EvaluationAssuranceLevel(EAL4)augmentedwithALC_FLR.
3requirements.
Thefollowingevaluationresultsareextractedfromthenon-proprietaryEvaluationTechnicalReportprovidedbytheCCTLaswellasinputfromtheNSAevaluators,andareaugmentedwiththevalidator'sobservationsthereof.
8.
1EvaluationoftheSecurityTarget(ASE)TheevaluationteamappliedeachASECEMworkunit.
TheSTevaluationensuredtheSTcontainsadescriptionoftheenvironmentintermsofpoliciesandassumptions,astatementofsecurityrequirementsclaimedtobemetbytheWindowsVistaandWindowsServer2008productsthatareconsistentwiththeCommonCriteria,andproductsecurityfunctiondescriptionsthatsupporttherequirements.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
2EvaluationoftheConfigurationManagementCapabilities(ACM)Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified8.
3EvaluationoftheDeliveryandOperationDocuments(ADO)TheSAICevaluationteamfollowedtheConfigurationGuidetotesttheinstallationprocedurestoensuretheproceduresresultintheevaluatedconfiguration.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
4EvaluationoftheDevelopment(ADV)TheSAICevaluationteamappliedeachEAL4ADVCEMworkunitforthefunctionalspecificationandsecuritypolicymodelportionsofthedesignevaluation.
TheevaluationteamalsoensuredthatthecorrespondenceanalysisbetweenthefunctionalspecificationandtheSTwasaccurate.
Lastly,theSAICevaluationteamsampledthesourcecodetoensurethatthefunctionalspecificationwascorrectlyrepresentedbasedupontheimplementation.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
148.
5EvaluationoftheGuidanceDocuments(AGD)TheevaluationteamappliedeachEAL4AGDCEMworkunit.
TheevaluationteamensuredtheadequacyoftheuserguidanceindescribinghowtousetheoperationalTOE.
Additionally,theevaluationteamensuredtheadequacyoftheadministratorguidanceindescribinghowtosecurelyadministertheTOE.
Bothoftheseguideswereassessedduringthedesignandtestingphasesoftheevaluationtoensuretheywerecomplete.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
6EvaluationoftheTestDocumentationandtheTestActivity(ATE)TheevaluationteamappliedthecoverageandindependenttestingCEMworkunits.
Specifically,theevaluationteamensuredthatthevendortestdocumentationsufficientlyaddressesthesecurityfunctionsasdescribedinthefunctionalspecification.
Theevaluationteamre-rantheentirevendortestsuite,,anddevisedanindependentsetofteamtests.
Thevalidatorreviewedtheworkoftheevaluationteam,andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
7VulnerabilityAssessmentActivity(AVA)TheSAICevaluationteamappliedtheAVA_MSU.
2andAVA_SOF.
1workunits.
TheevaluationteamensuredthattheTOEdocumentationdoesnoteasilymisleadanadministratorandthatthepasswordmechanismmeetsallstatedclaimsintheST.
ThevalidatorreviewedtheworkoftheevaluationteamandNSApenetrationtestingteam(AVA_VLA.
3),andfoundthatsufficientevidenceandjustificationwasprovidedbytheevaluationteamtoconfirmthattheevaluationwasconductedinaccordancewiththerequirementsoftheCEM,andthattheconclusionreachedbytheevaluationteamwasjustified.
8.
8SummaryofEvaluationResultsThevalidationteam'sassessmentoftheevidenceprovidedbytheevaluationteamisthatitdemonstratesthattheevaluationteamfollowedtheproceduresdefinedintheCEM,andcorrectlyverifiedthattheproductmeetstheclaimsintheST.
9ValidatorComments/RecommendationsTheEvaluationTeamiscommendedfortheirtestingactivitiesofsuchacomplexsystem,andtheireffortstovalidatetheevaluatedconfigurationduringteamtesting.
Thevalidatorsofthisevaluationwanttomakeitcleartothosedeployingtheseproductsintheirsystemsthattheanalysisandtestingforthisevaluationwaspredicatedonthenotionofahomogeneousnetwork.
Thismeanstheanalysisandsecurityfunctionaltestingdidnot15addressthepossibilityofanuntrusteduserfrominjectingarawframeonthenetwork,sinceusersofthewindowsmachinesareprohibitedfromdoingthis.
.
10AnnexesNotapplicable.
11SecurityTargetTheSecurityTargetisidentifiedasMicrosoftWindowsVistaandWindowsServer2008SecurityTarget,Version1.
0,July24,2009.
1612GlossaryThefollowingdefinitionsareusedthroughoutthisdocument:CommonCriteriaTestingLaboratory(CCTL).
AnITsecurityevaluationfacilityaccreditedbytheNationalVoluntaryLaboratoryAccreditationProgram(NVLAP)andapprovedbytheCCEVSValidationBodytoconductCommonCriteria-basedevaluations.
Conformance.
Theabilitytodemonstrateinanunambiguouswaythatagivenimplementationiscorrectwithrespecttotheformalmodel.
Evaluation.
TheassessmentofanITproductagainsttheCommonCriteriausingtheCommonCriteriaEvaluationMethodologytodeterminewhetherornottheclaimsmadearejustified;ortheassessmentofaprotectionprofileagainsttheCommonCriteriausingtheCommonEvaluationMethodologytodetermineiftheProfileiscomplete,consistent,technicallysoundandhencesuitableforuseasastatementofrequirementsforoneormoreTOEsthatmaybeevaluated.
EvaluationEvidence.
Anytangibleresource(information)requiredfromthesponsorordeveloperbytheevaluatortoperformoneormoreevaluationactivities.
Feature.
Partofaproductthatiseitherincludedwiththeproductorcanbeorderedseparately.
TargetofEvaluation(TOE).
AgroupofITproductsconfiguredasanITsystem,oranITproduct,andassociateddocumentationthatisthesubjectofasecurityevaluationundertheCC.
Validation.
TheprocesscarriedoutbytheCCEVSValidationBodyleadingtotheissueofaCommonCriteriacertificate.
ValidationBody.
Agovernmentalorganizationresponsibleforcarryingoutvalidationandforoverseeingtheday-to-dayoperationoftheNIAPCommonCriteriaEvaluationandValidationScheme.
13BibliographyTheValidationTeamusedthefollowingdocumentstoproducethisValidationReport:[1]CommonCriteriaProjectSponsoringOrganisations.
CommonCriteriaforInformationTechnologySecurityEvaluation:Part1:IntroductionandGeneralModel,Version2.
3,August2005.
[2]CommonCriteriaProjectSponsoringOrganisations.
CommonCriteriaforInformationTechnologySecurityEvaluation:Part2:SecurityFunctionalRequirements,Version2.
3,August2005.
[3]CommonCriteriaProjectSponsoringOrganisations.
CommonCriteriaforInformationTechnologySecurityEvaluation:Part3:SecurityAssuranceRequirements,Version2.
3,August2005.
17[4]CommonCriteriaProjectSponsoringOrganisations.
CommonEvaluationMethodologyforInformationTechnologySecurity,Version2.
3,August2005.
[5]CommonCriteriaProjectSponsoringOrganisations.
CommonEvaluationMethodologyforInformationTechnologySecurity–Part2:EvaluationMethodology,Version2.
3,August1999.
[6]CommonCriteria,EvaluationandValidationSchemeforInformationTechnologySecurity,GuidancetoValidatorsofITSecurityEvaluations,SchemePublication#3,Version1.
0,January2002.
[7]ScienceApplicationsInternationalCorporation.
EvaluationTechnicalReportfortheWindowsVistaandWindowsServer2008Part2(Proprietary),Version2.
0,July31,2009.
[8]ScienceApplicationsInternationalCorporation.
EvaluationTeamTestReportforWindowsVistaandWindowsServer2008Part2Supplement(SAICandMicrosoftProprietary),Version1.
0,July31,2009.
Note:ThisdocumentwasusedonlytodevelopsummaryinformationregardingthetestingperformedbytheCCTL.
[10]WindowsVistaandWindowsServer2008SecurityTarget,Version1.
0,July24,2009.
14DesignDocumentationListingGeneralProductDocumentationVersionDateSecurityPolicyModel.
doc122/12/2009FunctionalSpecificationCompletenessRationale.
doc25/28/2009CertificateServerComponent(OS)CertificateServiceDefaultExitModule.
doc27/22/2009(OS)CertificateServiceDefaultPolicyModule.
doc27/22/2009(OS)CertificateService.
doc47/22/2009CryptographicSupportFVECrashDumpDriver0.
037/22/2009FVEDriver0.
067/28/2009TPMBasedServices0.
077/28/2009TPMDriver0.
037/28/2009ExecutiveComponent64bitKernelDebugSupport.
doc97/22/2009ApplicationCompatibilitySupport.
doc127/22/2009CacheManager.
doc67/22/2009ConfigurationManager.
doc37/22/2009EventTracingforWindows.
xlsm0.
087/22/2009ExecutiveObjectServices.
doc37/22/2009GraphicsDeviceInterface.
xlsm0.
077/28/2009HardwareAbstractionLayer.
doc67/23/200918KernelDebugManager.
doc27/22/2009KernelModeWindowsManagementInstrumentation.
doc137/22/2009KernelRuntime.
doc157/22/2009KernelRuntimeNewChecksandEffects.
xlsm0.
037/10/2009KernelTranasctionManager.
xlsm0.
097/22/2009LocalProcessCommunication.
doc97/22/2009MemoryManager.
doc87/22/2009MemoryManager.
xlsm0.
047/20/2009Microkernel.
doc157/22/2009MicrokernelNewChecksandEffects.
xlsm0.
027/22/2009ObjectManager.
doc37/22/2009PlugandPlayManager.
doc77/22/2009PlugandPlayManagerNewChecksandEffects.
xlsm0.
077/22/2009PowerManager.
doc127/22/2009ProcessManager.
doc27/22/2009ProcessManagerNewChecksandEffects.
xlsm0.
087/22/2009SecurityReferenceMonitor.
doc167/22/2009VirtualDOSMachine.
doc27/22/2009WindowManager(User).
xlsm0.
087/22/2009HardwareComponentAMDHardware.
doc135/31/2009IntelHardware.
doc125/31/2009InternetInformationServicesComponentBITSServerExtensionsISAPI.
doc67/23/2009IISCoAdminDLL.
doc47/23/2009IISISAPIHandler.
doc27/23/2009IISMetadataDLL.
doc37/23/2009InternetInformationServicesResetControl.
doc27/23/2009IISRPCProxy.
doc57/23/2009IISWebAdminService.
doc67/23/2009IISWebAdminService.
xlsm0.
047/23/2009IISWebServerCore.
doc67/23/2009IISWorkerProcess.
doc27/23/2009InternetInformationServices.
doc27/23/2009ISAPIDLLforWebPrinting.
doc47/23/2009MetadataandAdminService.
doc27/23/2009WAMRegistrationDLL.
doc37/23/2009WinHTTPWebProxyAutoDiscoveryService.
doc27/23/2009I/OCoreComponentFileSystemRecognizer.
doc36/2/2009IOManager.
doc37/23/2009IOManager.
xlsm0.
067/23/2009KernelModeDriverFramework.
xlsm0.
067/23/2009KernelSecurityDeviceDriver.
doc37/23/200919MountManager.
doc37/23/2009UserModeDriverFrameworkReflector.
xlsm0.
077/23/2009I/ODevicesComponentACPIDriver.
doc77/23/2009AdvancedHostControllerInterfaceDriver.
xlsmdoc0.
57/23/2009ALIIDEMiniportDriver0.
37/23/2009AMDIDEMiniportDriver0.
37/23/2009AMDK8ProcessorDriver.
xlsm0.
27/23/2009ATAportDriverExtension.
xlsm0.
67/23/2009ATIATI2MTADMiniportDriver.
doc77/23/2009AudioPortClassDriver.
doc37/23/2009BeepDriver.
doc47/23/2009BroadcomBCM5708CNetXtremeGigabitNICMiniportDriver.
doc37/23/2009CompositeBatteryDriver.
xlsm0.
47/23/2009FileSystemFilterManager.
doc57/23/2009HardwareErrorDeviceDriver.
xlsm0.
37/23/2009HIDClassLibrary.
doc57/23/2009HIDKeyboardFilterDriver.
doc47/23/2009HIDMouseFilterDriver.
doc47/23/2009HIDParsingLibrary.
doc47/23/2009HPProliantSmartArray.
doc47/23/2009i8042PortDriver.
doc37/23/2009IDEATAPIPortDriver.
doc27/23/2009IntelPro1000e1e6032eNICMiniportDriver.
doc77/23/2009IntelPro1000e1g6032eNICMiniportDriver.
doc37/23/2009IntelligentIOMiniportDriver.
doc37/23/2009IntelligentIOUtilityFilterDriver.
doc37/23/2009IntelligentPlatformManagementInterfaceDriver.
xlsm0.
67/23/2009ISAandEISAClassDriver.
xlsm0.
47/23/2009KeyboardClassDriver.
doc37/23/2009LSISerialAttachedSCSIDriver.
doc37/23/2009MicrosoftSystemManagementBIOSDriver.
xlsm0.
27/23/2009MonitorClassFunctionDriver.
xlsm0.
47/23/2009MouseClassDriver.
doc37/23/2009NULLDriver.
doc37/23/2009ParallelPortDriver.
doc37/23/2009PartitionManager.
doc47/23/2009PlugandPlayPCIEnumerator.
doc37/23/2009PlugandPlaySoftwareDeviceEnumerator.
doc176/3/2009PnPDiskDriver.
doc37/23/2009PNPISABusDriver.
doc37/23/2009ProcessorDeviceDriver.
doc37/23/2009SCSICD-ROMDriver.
doc47/23/2009SCSIClassSystemDLL.
doc47/23/200920SCSIPortDriver.
doc177/23/2009SCSITapeClassDriver.
doc117/23/2009SerialDeviceDriver.
doc37/23/2009SerialPortEnumerator.
doc37/23/2009SmartCardDriverLibrary.
doc37/23/2009StoragePortDriver.
doc187/23/2009USB1.
1&2.
0PortDriver.
doc37/23/2009USBCCIDDriver.
doc37/23/2009USBCommonClassGenericParentDriver.
doc37/23/2009USBHostControllerInterfaceMiniportDrivers.
doc37/23/2009USBMassStorageDriver.
doc37/23/2009USBMiniportDriverforInputDevices.
doc37/23/2009USBRootHubDriver.
doc37/23/2009UserModeBusEnumerator.
xlsm0.
37/23/2009VDMParallelDriver0.
57/23/2009VGASuperVGAVideoDriver.
doc37/23/2009VIAIDEMiniportDriver0.
37/23/2009VideoPortDriver.
doc37/23/2009VolumeShadowCopyDriver.
doc47/23/2009WatchdogDriver.
doc37/23/2009WMIforACPIDriver.
doc37/23/2009I/OFileComponentCDROMFileSystem.
doc57/24/2009EncryptingFileSystem.
doc27/24/2009FastFatFileSystem.
doc37/24/2009FileInformationFSMini-Filter.
xlsm0.
067/24/2009MailslotDriver.
doc227/24/2009NPFSDriver.
doc267/24/2009NTFileSystemDriver.
doc67/24/2009UDFFileSystemDriver.
doc27/24/2009VolumeManagerDriver.
xlsm0.
097/24/2009I/ONetworkComponentAncillaryFunctionDriverforWinSock.
doc47/24/2009BowserDriver.
doc37/24/2009ClientSideChachingDriver.
xlsm0.
077/24/2009DistributedFileClient.
xlsm0.
077/24/2009DistributedFileSystemFilterDriver.
doc57/24/2009FWPkClntExportDriver.
xlsm0.
037/24/2009HTTPDriver.
doc77/24/2009IPFilterDriver.
doc47/24/2009IPinIPEncapsulationDriver.
doc27/24/2009LoopbackNetworkDriver.
doc37/24/2009MultipleUNCProviderandDFSClient.
doc47/24/2009NDIS5.
1WrapperDriver.
doc57/24/2009NDISUserModeIODriver.
xlsm0.
047/24/2009NetBTTransportDriver.
doc87/24/200921NetworkStoreInterfaceProxyDriver.
xlsm0.
077/24/2009QosPacketScheduler.
xlsm0.
047/24/2009RDBSS.
doc237/24/2009RemoteNDISMiniport.
doc37/24/2009ServerDriver.
doc47/24/2009ServerNetworkDriver.
xlsm0.
057/24/2009SMBMini-Redirector.
doc37/24/2009SMB2.
0Sub-Redirector.
xlsm0.
037/24/2009SMB2.
0ServerDriver.
xlsm0.
057/24/2009SMBTransportDriver.
doc97/24/2009TCPIPProtocolDriver.
xlsm0.
067/24/2009TDITranslationDriver(TDX).
xlsm0.
057/24/2009TDIWrapper.
doc47/24/2009WebDavMiniRedirector.
doc47/24/2009Winsock2IFSLayerDriver.
doc37/24/2009NetworkSupportComponentCOM+ConfigurationCatalogServer.
doc157/24/2009COM+EventSystemService.
doc77/24/2009COM+Services.
doc77/24/2009DHCPService.
doc87/24/2009DistributedCOMServices.
doc57/24/2009DomainNameService.
doc67/24/2009InternetExtensionsforWin32.
doc37/24/2009InternetKeyExhange.
xlsm0.
077/24/2009IPHelperService.
xlsm0.
056/30/2009NetworkConnectionsManager.
doc76/24/2009NetworkLocationAwarenessService.
doc97/24/2009RPCEndpointMapper.
doc77/24/2009RPCLocator.
doc37/24/2009SimpleTCPIPServicesServiceDLL.
doc37/24/2009TCPIPNetBIOSTransportService.
doc37/24/2009TCPIPServicesApplication.
doc37/24/2009WebDAVServiceDLL.
doc197/24/2009OSSupportComponentBITSService127/24/2009DistributedFileSystemService.
doc67/24/2009PrintSpooler.
doc77/24/2009RemovableStorageManager.
doc57/24/2009SessionManager.
doc27/24/2009WMIAdapterService.
xlsm0.
047/24/2009WMIProviderHost.
doc77/24/2009WMIService.
doc267/24/2009SecurityComponentActiveDirectoryReplicationManagement.
doc57/24/2009CoreDirectoryService.
doc37/24/2009CredentialManager.
doc67/24/200922DataProtectionAPI.
doc57/24/2009DirectoryServicesRoleManagement.
doc57/24/2009EncryptingFileSystemService.
doc87/24/2009IFXCardM.
xlsm0.
027/24/2009Inter-SiteMessaging.
doc47/24/2009IPSecSPDServer.
doc396/24/2009KDCService.
doc47/24/2009KerberosSecurityPackage.
doc37/24/2009KeyIsolationService.
xlsm0.
067/24/2009LDAP.
doc47/24/2009LSAAudit.
doc37/24/2009LSAAuthentication.
doc47/24/2009LSAPolicy.
doc57/24/2009MAPIBasedDirectoryRequest.
doc47/24/2009MicrosoftAuthenticationPackagev1.
0.
doc47/24/2009MicrosoftBaseSmartCardCryptoProvider.
doc27/24/2009MicrosoftDigestAccess.
doc97/24/2009MicrosoftSmartCardKeyStorageProvider.
xlsm0.
037/24/2009NetLogonServicesDLL.
doc67/24/2009NTDSBackupandRestore.
doc47/24/2009PKITrustInstallationandSetup.
doc37/24/2009ProtectedStorageServer.
doc37/24/2009SAMServer.
doc77/24/2009SecondaryLogonService.
doc47/24/2009TLS-SSLSecurityProvider.
doc37/24/2009TrustSigningAPIs.
doc37/24/2009WindowsCryptographicPrimitivesLibrary.
xlsm0.
047/24/2009ServicesComponentApplicationExperienceLookupService.
doc67/24/2009ApplicationInformationService.
xlsm0.
047/24/2009ComputerBrowserService.
doc37/24/2009CryptographicServices.
doc67/24/2009DesktopWindowManager.
xlsm0.
067/24/2009FileReplicationService.
doc67/24/2009GenericHostProcessforWin32Services.
doc27/24/2009InteractiveServiceDetectionforSession0.
xlsm0.
037/24/2009Non-COMWMIEventProvisionAPIs.
doc57/24/2009RemoteRegistryService.
doc47/24/2009ServerServiceDLL.
doc47/24/2009ServicesandControllerApp.
doc77/24/2009SmartCardResourceManagementServer.
doc57/24/2009Superfetch.
doc57/24/2009SystemEventNotificationService.
doc27/24/2009TaskEngine.
xlsm0.
037/24/2009UPnPDeviceHost.
doc27/24/2009User-ModePlug-and-PlayService.
doc287/24/200923UserProfileService.
xlsm0.
067/24/2009VirtualDiskService.
doc67/24/2009VolumeShadowCopyService.
doc37/24/2009WindowsEventLogService.
xlsm0.
067/24/2009WindowsInstallerService.
doc47/24/2009WindowsSecurityCenterService.
doc57/24/2009WindowsSecurityConfigurationEditorEngine.
doc37/24/2009WindowsShellServicesDLL.
doc57/24/2009WindowsTimeService.
doc57/24/2009WindowsUpdateClient47/24/2009WorkstationService.
doc47/24/2009Win32ComponentBaseServer.
doc27/24/2009ClientServerRuntimeProcess.
doc27/24/2009WindowsServerDLL.
doc47/24/2009WindowsFirewallComponentApplicationLayerGatewayService.
doc37/24/2009BaseFilteringEngineService.
xlsm0.
097/24/2009HomeNetworkingConfigurationManager.
doc37/24/2009IPNetworkAddressTranslator.
doc37/24/2009MACBridgeDriver.
doc37/24/2009NATHelper.
doc37/24/2009WinLogonComponentAutoEnrollment.
doc127/24/2009GroupPolicyObjectProcessing.
doc47/24/2009GroupPolicy.
doc47/24/2009LocalSessionManager.
xlsm0.
077/24/2009Syskey.
doc37/24/2009TrustVerificationAPIs.
doc37/24/2009TrustedInstaller.
xlsm0.
057/24/2009UserEnvironment.
doc47/24/2009WindowsFileProtection.
doc37/24/2009WindowsLogonApplication.
doc47/24/2009WindowsLoader.
xlsm0.
037/24/2009WinInit.
xlsm0.
057/24/2009WindowsSmartcardCredentialProvider.
xlsm0.
047/24/2009AdminToolsatexe.
doc0.
47/24/2009auditpol.
doc0.
37/24/2009Auth_Mgr_GUI.
doc1.
37/24/2009Backup_and_Restore.
doc0.
27/24/2009BitLocker0.
47/24/2009CertificationAuthorityGUI.
doc0.
87/24/2009cipher.
exe.
doc0.
27/24/2009COM+Applications.
doc0.
57/24/2009ComputerManagement.
doc0.
27/24/200924DataExecutionPreventionforSysdm27/24/2009DataExecutionPreventionforWMIC0.
27/24/2009Date_and_Time.
doc0.
37/24/2009DCOMConfig.
doc0.
27/24/2009Default_Group_Policy_Object_Restore_Utility.
doc0.
27/24/2009DeviceManager.
doc0.
27/24/2009DHCPSnap-in.
doc0.
27/24/2009DiskManagement.
doc0.
27/24/2009DiskQuotaGUI.
doc0.
37/24/2009DNSSnap-in.
doc0.
27/24/2009DomainsandTrusts.
doc27/24/2009Driver_Verifier_Manager.
doc0.
27/24/2009efsadu.
doc0.
37/24/2009EventViewer.
doc0.
27/24/2009Explorer.
doc0.
27/24/2009GroupPolicyRefresh.
doc0.
27/24/2009GroupPolicy.
doc0.
87/24/2009IIS_Manager_GUI.
doc0.
27/24/2009InitialConfigurationTasksandServerManager0.
27/24/2009IPSecSettingsGUISpec.
doc27/24/2009IPv6MonitorDLL.
doc0.
27/24/2009Network.
doc0.
27/24/2009NetworkConnectionsManager87/24/2009NetworkID.
doc0.
27/24/2009OUDelegation.
doc0.
27/24/2009PrintersGUI.
doc0.
47/24/2009Registry_Editor.
doc0.
27/24/2009RSoP.
doc0.
27/24/2009SAMLockTool.
doc0.
27/24/2009ScheduledTasksCLITool.
doc0.
27/24/2009SCWcmd.
exe.
doc0.
27/24/2009SecurityConfigEditor.
doc0.
27/24/2009SecurityPolicyGUI.
doc1.
97/24/2009SecurityPolicyUI0.
27/24/2009Security_Config_Wiz.
doc0.
27/24/2009Services.
doc0.
27/24/2009Session_Locking.
doc0.
27/24/2009SFC.
doc27/24/2009Share_a_Folder_Wizard.
doc0.
27/24/2009SigverifDesignSpec.
doc0.
27/24/2009SitesandServices.
doc0.
77/24/2009TaskScheduler.
doc0.
27/24/2009UserAccountControl0.
27/24/2009UsersandGroups.
doc0.
27/24/2009VirtualDiskService0.
27/24/2009VolumeShadowCopyServiceCommandLine.
doc0.
27/24/200925WindowsMngtInfra(WMI).
doc0.
27/24/2009Windows_Firewall_GUI.
doc37/24/2009
- Physicallyreadyboost相关文档
- IPDreadyboost
- X3000readyboost
- portreadyboost
- Statereadyboost
- 读卡器readyboost
- 兼容readyboost
RAKsmart含站群服务器/10G带宽不限流量首月半价
RAKsmart 商家估摸着前段时间服务器囤货较多,这两个月的促销活动好像有点针对独立服务器。前面才整理到七月份的服务器活动在有一些配置上比上个月折扣力度是大很多,而且今天看到再来部分的服务器首月半价,一般这样的促销有可能是商家库存充裕。比如近期有一些服务商挖矿服务器销售不好,也都会采用这些策略,就好比电脑硬件最近也有下降。不管如何,我们选择服务器或者VPS主机要本着符合自己需求,如果业务不需要,...
LayerStack$10.04/月(可选中国香港、日本、新加坡和洛杉矶)高性能AMD EPYC (霄龙)云服务器,
LayerStack(成立于2017年),当前正在9折促销旗下的云服务器,LayerStack的云服务器采用第 3 代 AMD EPYC™ (霄龙) 处理器,DDR4内存和企业级 PCIe Gen 4 NVMe SSD。数据中心可选中国香港、日本、新加坡和洛杉矶!其中中国香港、日本和新加坡分为国际线路和CN2线路,如果选择CN2线路,价格每月要+3.2美元,付款支持paypal,支付宝,信用卡等!...
美国云服务器 1核 1G 30M 50元/季 兆赫云
【双十二】兆赫云:全场vps季付六折优惠,低至50元/季,1H/1G/30M/20G数据盘/500G流量/洛杉矶联通9929商家简介:兆赫云是一家国人商家,成立2020年,主要业务是美西洛杉矶联通9929线路VPS,提供虚拟主机、VPS和独立服务器。VPS采用KVM虚拟架构,线路优质,延迟低,稳定性强。是不是觉得黑五折扣力度不够大?还在犹豫徘徊中?这次为了提前庆祝双十二,特价推出全场季付六折优惠。...
readyboost为你推荐
-
万家增强收益债券型证券投资基金centrescssAssumegraph更新win7支持ipad敬请参阅最后一页特别声明存在问题的应用软件名单(2020年第四批)eacceleratorCentOS5.2下安装eAccelerator,怎么都装不上itunes备份itunes就是备份不了怎么办啊ipad上网新买的ipad怎么用。什么装程序 怎么上网