Channel: Security forum

Documentation about implementation of security requirements


Dear Microsoft,

The client I work for needs details about the security architecture and functionalities implemented for their products, which rely on some MS software (Windows Server 2008 and/or Windows 7). I would therefore need Common Criteria-related documentation, and online I was only able to find the Security Target.

The documents available for download on Microsoft’s official sites do not provide that information; those documents, however, exist for older products (Windows Server 2003 and/or Windows XP). Online resources such as TechNet, MSDN and Books Online do not provide such information in a consistent form either.

I would need some documents that could be referenced and identified (not just generic online support), where I could find details of how the Security Requirements claimed in the Security Target document have been configured IN PRACTICE, in particular for the following functions:

 

I already have the Security Target, but the documents available for download on Microsoft’s official sites do not provide that information; those documents, however, exist for older products (Windows Server 2003 and/or Windows XP).

 

I would need the global documentation, which is in the English language, and the local/national center, contacted by phone, doesn't know how to provide such information.

 

The required information relates to the following functionalities:

 * Access Control (requisites FDP_ACC.2(a) and FDP_ACF.1(a) on the Security Target);

 * Information Flow Control (requisites FDP_IFC and FDP_IFF on the Security Target);

 * Identification and Authentication (requisites FIA_AFL_EXT.1 and FIA_ATD.1 and FIA_UAU.2 and FIA_UID.2 and FTA_SSL.1 and FTA_SSL.2 and FTA_TAB.1 and FTP_TRP.1 and FTA_TSE.1 on the Security Target).

 

I can provide some examples…

 

In "Windows Server 2003 SP2 Administrator's Guide - version 3.0 - July 18, 2007", in the “IPSec Policy Agent Service” section, page 198 and following, it is shown how the flow separation is managed through IPsec (which relates to the Information Flow Control requisites): is there an equivalent of this document, with a similar section, for Windows 7 and/or Windows Server 2008?

 

In "Windows XP Professional with SP2 Evaluated Configuration User’s Guide - version 3.0", in the “Data Protection” section, page 24 and following, the access control mechanism and how it happens are shown (which relates to the Access Control requisites): is there an equivalent of this document, with a similar section, for Windows 7 and/or Windows Server 2008?

 

In "Windows XP Professional with SP2 Evaluated Configuration User’s Guide - version 3.0", in the “Computer Access” section, page 16 and following, it is shown how identification and authentication happen (which relates to the Identification and Authentication requisites): is there an equivalent of this document, with a similar section, for Windows 7 and/or Windows Server 2008?

 

I hope the kind of documents we need is clear.

 

Thanks

 

PS: in case there were the possibility of having Functional Specification (or similar) documents, it would be appreciated too.

 


