Microsoft Exchange Server 2003 – efficient high level certification for a big product

Abstract:

Effective Common Criteria certifications must balance the needs of the consumer selecting a product and those of the vendor manufacturing an IT product. This is even more important when the TOE is not a typical security product and will be the first of its type to be certified at EAL4 augmented by ALC_FLR.3; in that case, the Security Target has to be defined thoroughly.

Exchange Server 2003 is a leading email server used by a wide variety of commercial, non-commercial and governmental organizations ranging from the very large to the very small.

The presentation is shared by TUViT, the lab which performed the evaluation, and by Microsoft Corporation, the sponsor of the certification. Each party will address its own experiences with this certification process: from the lab's perspective, the challenge of evaluating a messaging product at this high assurance level, and from the sponsor's perspective, how to deal with CC requirements for an already released product.