Re: Common Criteria Certification
- From: "Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx>
- Date: Thu, 26 Jul 2007 11:00:17 -0700
I would love to know where you get your rumors from, because those people must be smoking some really great stuff! They probably wouldn't share, though...
We don't set completion targets because it's largely out of our control when the evaluation will finish. I do know that completed certification, in a reasonable time, is our goal. Most certifications take two to three years after evaluation begins. But for most customers, "in evaluation" is sufficient for deployment--time lengths for evaluations haven't been blockers in our experience.
If I get any more details, I'll follow up here.
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Kim_Jong" <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:908E3AFC-92A8-4C71-8962-82D8DD5A72FA@xxxxxxxxxxxxxxxx
Thank you for that reassurance. :).
Do you have an anticipated completion date? I imagine others are asking this
question of Microsoft too.
I ask this because the other thing I recall from the conversation that a
couple of us were privy to was that the Vista evaluation is going to consist
of producing a minimal number of security specifications each month (we heard
one spec a month) toward certification, pushing the actual CC completion date
out to the year 2050 or thereabouts. This is what led us to believe that
Microsoft is not pursuing CC certification, despite the appearance of being
"in evaluation" with a CCTL. We are also checking with the NSA and the CCTL
in Maryland to see if we can get more information.
Many thanks again.
--
Kim Jong, MCSE
"Steve Riley [MSFT]" wrote:
To double-check my own understanding, I verified with the program manager
responsible for our participation in certification programs. Common Criteria
evaluation will begin soon.
And speaking of stymied, I'm at a loss to make the link between my knowing
your email and the spouse of an MSRC employee! Just so that everyone here
knows: you are all welcome to email me privately. If I have to forward your
mail to someone else to get an answer, I cut out all identifying information
first. Only I will know your email/phone/blood type/credit
history/temperature of your ass in your chair. :)
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Kim_Jong" <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C1ED7D9F-5370-46C9-B25E-68D770698350@xxxxxxxxxxxxxxxx
> Steve, this came from someone who is married to a Microsoft person in > the
> MSRC. (Now you understand why I prefer not to contact you privately.) > We
> were
> told that Microsoft has chosen to pursue a different certification but
> that
> it is not the Common Criteria. We know of no other certifications, and > we
> are
> close to the NSA here. We can't seem to get any more information than
> that.
> The account team is stymied. Thank you, we will watch for the posting > on
> CCEVS.
> -- > Kim Jong, MCSE
>
>
> "Steve Riley [MSFT]" wrote:
>
>> I wanted to try to find out from you where you heard this information,
>> because it's wrong. We are indeed pursuing Common Criteria (ISO/IEC
>> 15408)
>> certification for both Windows Vista and Windows Server 2008. In fact, >> we
>> expect both to be listed at
>> http://www.niap-ccevs.org/cc-scheme/in_evaluation.cfm in a few weeks.
>>
>> Steve Riley
>> steve.riley@xxxxxxxxxxxxx
>> http://blogs.technet.com/steriley
>>
>>
>> "Kim_Jong" <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:A8308CF3-A2CF-4398-936E-F0AD277391B1@xxxxxxxxxxxxxxxx
>> > Thank you Steve, can you please post your response here? I wish to >> > keep
>> > my
>> > email address private, thank you.
>> > -- >> > Kim Jong, MCSE
>> >
>> >
>> > "Steve Riley [MSFT]" wrote:
>> >
>> >> Please reply to me privately. I can help you with this.
>> >>
>> >> Steve Riley
>> >> steve.riley@xxxxxxxxxxxxx
>> >> http://blogs.technet.com/steriley
>> >>
>> >>
>> >> "Kim_Jong" <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:9102EE4D-ABB9-406C-B442-385EE099B3E2@xxxxxxxxxxxxxxxx
>> >> > We have learnt here in D.C. that Microsoft will not be attaining
>> >> > Common
>> >> > Criteria certification of Vista and W2K8. This concerns us >> >> > greatly,
>> >> > as
>> >> > most
>> >> > of our clients are Federal agencies that require Common Criteria
>> >> > evaluation.
>> >> > We will not be able to deploy new OS to these agencies without >> >> > this
>> >> > CC
>> >> > certification. Many people will lose their jobs if government can >> >> > no
>> >> > longer
>> >> > use Windows. What is Microsoft going to do about this obstacle?
>> >> > -- >> >> > Kim Jong, MCSE
>> >>
- Follow-Ups:
- Re: Common Criteria Certification
- From: Kim_Jong
- Re: Common Criteria Certification
- References:
- Re: Common Criteria Certification
- From: Steve Riley [MSFT]
- Re: Common Criteria Certification
- From: Steve Riley [MSFT]
- Re: Common Criteria Certification
- From: Kim_Jong
- Re: Common Criteria Certification
- Prev by Date: Re: Cannot access my private folder...
- Next by Date: Re: firewall on budget ?
- Previous by thread: Re: Common Criteria Certification
- Next by thread: Re: Common Criteria Certification
- Index(es):
Relevant Pages
|
|
