Solved

Windows 2000 "Orange Book" grading

Posted on 2004-09-10
2
301 Views
Last Modified: 2013-12-04
Hi

I would like to know if you know of a document where Windows 2000 security has been graded against the "Orange Book".

If not, does Microsoft provide the following sort of documentation with Windows 2000:

1. Security Features User's Guide
2. Trusted Facility Manual
3. Test Documentation
4. Design Documentation


Is their any other grading mechanism apart from the Orange Book, that I can use to grade Windows 2000.

Thanks

Zaid
0
Comment
Question by:zaidmo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
jimwasson earned 135 total points
ID: 12033247
It has been given the equivalent of a C-2 rating under the now obsolete Orange Book rating system. The new system is called the "Common Criteria".

A good discussion of it is given here:

http://www.windowsecurity.com/articles/Windows-Common-Criteria-Certification-Part-I.html

http://www.microsoft.com/technet/security/prodtech/win2000/secureev.mspx

http://niap.nist.gov/cc-scheme/st/ST_VID4002.html

http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/win2kcomcrit.asp

Information about the "old" certification is given here:

http://www.microsoft.com/presspass/press/1999/Dec99/GovernmentPR.asp

0
 

Author Comment

by:zaidmo
ID: 12042893
Thanks

- Helped a great deal
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question