Windows NT C2 Evaluations

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Last updated: December 02, 1999

On December 02, 1999, the US Government announced that Microsoft Windows NT Server and Workstation 4.0 had completed a successful evaluation at the C2 level according to the Trusted Computer System Evaluation Criteria (TCSEC). The TCSEC, more familiarly known as the "Orange Book", is perhaps the best-known governmental evaluation process for IT systems. C2 is widely acknowledged to be the highest evaluation rating that can be achieved by a general-purpose operating system. The Windows NT 4.0 evaluation included servers and workstations in six different roles, operating in both TCP/IP networked and stand-alone modes.

This success follows a trend established by the Windows NT family of products—Windows NT 3.5 was successfully evaluated under the TCSEC regime at the C2 level, and Windows NT 3.51 and 4.0 were successfully evaluated under the UK Government's ITSEC regime at a roughly equivalent level of E3/F-C2.

"We are delighted that Windows NT Version 4.0 has completed C2 orange book evaluation under NSA Trust Technology Assessment Program" said Mr. Michael Jacobs, Deputy Director for Information Security of the National Security Agency. "Completion of this evaluation means that government users of Windows NT can enjoy the benefits of an NSA-evaluated product with the current shipping Service Pack for Windows NT. We are looking forward to continuing to work with Microsoft so that, in the future, users will have the assurance of our new international Common Criteria evaluation process."

The TCSEC provides an evaluation by an independent third party against standardized criteria and according to a formal methodology known as the Trusted Products Evaluation Process (TPEP). Like the UK Government's ITSEC regime, the evaluation carries the imprimatur of a trusted third party that has scrutinized the product and assessed the security it can provide. Microsoft worked with SAIC, an approved TPEP laboratory, to ensure that it fully met all documentation and testing requirements.

The TPEP evaluates the security features that a product provides and the assurance that the product correctly and fully implements them. The security features that are required at the C2 level include:

  • Mandatory identification and authentication of all users on the system - The ability of the system to identify authorized users and to allow only them to access system resources

  • Discretionary access control - The ability for users to protect their data as they desire.

  • Accountability and Auditing - The ability of the system to thoroughly audit user and system actions.

  • Object Reuse - The ability of the system to prevent users from obtaining information from resources that previously were used by others, for example, memory that has been released or files that have been deleted.

The assurance requirements at the C2 level include:

  • Examination of source code

  • Examination of detailed design documentation

  • Retesting to ensure that any errors identified during the evaluation have been corrected.

The following information regarding the C2 evaluation for Windows NT 4.0 is available for review.

For more information on the TCSEC process, see https://www.radium.ncsc.mil/tpep/.