Windows NT 4.0 and C2: Frequently-Asked Questions

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
On This Page

What's C2?
How does the TCSEC relate to the "Orange Book"?
Why does it matter to me if Windows NT 4.0 has a C2 evaluation?
What does the evaluation cover?
What features are required at the C2 level?
What assurance is required at the C2 level?
Is this a pass/fail evaluation?
What was the "Target of Evaluation" for the Windows NT 4.0 evaluation?
Version: Windows NT 4.0 Server or Workstation, with Service Pack 6a and one additional security patch applied.
Hardware: Compaq Proliant 5100, 6500, 7000, and 8000 models, in both single- and multi-processor configurations.
Configurations: Six configurations, including TCP/IP networked and stand-alone modes:
If I want to deploy Windows NT in a C2 evaluated configuration, how do I do it?
Where can I find out more about the TCSEC and C2?
Where can I get a listing of other evaluated products?

What's C2?

C2 is an evaluation level in the US Government's Trusted Computer Security Evaluation Criteria (TCSEC) program. TCSEC provides a standard set of criteria and an evaluation procedure for judging the security that various computer products can provide.

Windows NT 4.0 Workstation and Server have just completed an operating system evaluation under the TCSEC, and received a C2 evaluation. This is generally acknowledged to be highest security evaluation that can be achieved by a general-purpose operating system.

How does the TCSEC relate to the "Orange Book"?

They're the same thing. The base set of criteria specified by the TCSEC is provided in a book with an orange cover, which has come to be known as the "Orange Book". There also are interpretations of the TCSEC as it applies to other products, such as networks, databases, etc. Each of these books has a distinctive color, and the entire series of TCSEC interpretations has come to be known as the "Rainbow Books".

Why does it matter to me if Windows NT 4.0 has a C2 evaluation?

Evaluations like this one are important for several reasons:

  • They're conducted by respected third-party security experts

  • They provide a basis for comparing various vendors' products

  • The evaluators had complete access to source code and other information.

Every customer's security needs are different, and not all customers will deploy Windows NT in the C2 configuration. However, the evaluation is significant even for customers who don't need to deploy the C2 configuration. The fact that third-party security experts have examined Windows NT 4.0 and awarded it a C2 evaluation confirms what customers already know -- that Windows NT 4.0 provides a strong, flexible security architecture.

What does the evaluation cover?

  • The evaluators consider both features and assurance in awarding a rating. Features are the security functions that the software provides such as user authentication and auditing; assurance refers to the software design, development, and testing practices that allow customers to have confidence that the features are implemented correctly.

What features are required at the C2 level?

Some of the most important features required at the C2 level include:

  • Discretionary Access Control - The ability of every user on the system to decide what access other users should have to their data

  • Object Reuse - A guarantee that one user can't recover information belonging to another user when it's no longer in use. For example, a C2 evaluated operating system must ensure that a file deleted by one user can't be recovered by another

  • Accountability - The ability for the system to uniquely identify every user on the system.

  • Auditing - The ability for the system to record what users took which actions.

To achieve a C2 evaluation, Windows NT had to meet all of the C2 feature requirements. However, it actually exceeds C2 requirements in some areas. For example, Windows NT provides a trusted path - a way to ensure that you are communicating directly with the operating system when providing information like logon passwords - which is not a requirement for C2, but is a requirement for a higher security level, B2.

What assurance is required at the C2 level?

At the C2 level, the vendor must provide detailed documentation to show that the features are properly implemented. This includes design documentation, information on lifecycle management, testing procedures, and other information. In addition to providing this information, Microsoft chose to also provide full source code as part of the evaluation.

Is this a pass/fail evaluation?

No, it's a collaborative evaluation. The evaluators are free at any point during the evaluation to request changes in any part of the product, development process, or supporting documentation. The vendor implements the changes, then resubmits the product and the evaluation resumes.

What was the "Target of Evaluation" for the Windows NT 4.0 evaluation?

The "Target of Evaluation" is the specific deployment scenarios that were used in the evaluation, and includes the specific version of the product that was evaluated, the hardware platform on which the evaluated was conducted, and the specific configuration parameters that were used. The Target of Evaluation for the Windows NT 4.0 evaluation consisted of:

-

Version: Windows NT 4.0 Server or Workstation, with Service Pack 6a and one additional security patch applied.

Hardware: Compaq Proliant 5100, 6500, 7000, and 8000 models, in both single- and multi-processor configurations.

Configurations: Six configurations, including TCP/IP networked and stand-alone modes:

  1. A server acting as a primary domain controller

  2. A server acting as a backup domain controller

  3. A server acting as a member server

  4. A server acting as a non-member server

  5. A workstation that is a member of a domain

  6. A workstation that is not a member of a domain

If I want to deploy Windows NT in a C2 evaluated configuration, how do I do it?

Complete information on deploying Windows NT in any of the evaluated configurations is available at https://www.microsoft.com/technet/security/guidance/crypto/c2deploy.mspx

Where can I find out more about the TCSEC and C2?

More information is available at https://www.radium.ncsc.mil/tpep/.

Where can I get a listing of other evaluated products?

A complete listing of the products that have been evaluated under the TCSEC process is available at https://www.radium.ncsc.mil/tpep/epl/index.html.