Re: Common Criteria Certification
- From: Kim_Jong <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 27 Jul 2007 22:36:00 -0700
Hello Steve,
From what we're learning, these aren't rumors. My bosses made some headwaytoday. As I'm sure you know, Steve Lipner is on a different course. It's
common knowledge in the government sector that he's vented his concerns about
CC certification both here and abroad. We've heard him express his doubts
over the years. It's just that now it looks like the decision is more firm,
and he's in favor of piloting some other certification the NSA is sponsoring
(or they themselves piloting). This corroborated the information we received
through that internal channel I mentioned earlier.
This is obviously a sensitive topic, so I'm going to sign off and leave the
rest to the higher-ups.
Thank you again for your assistance.
--
Kim Jong, MCSE
"Steve Riley [MSFT]" wrote:
I would love to know where you get your rumors from, because those people.
must be smoking some really great stuff! They probably wouldn't share,
though...
We don't set completion targets because it's largely out of our control when
the evaluation will finish. I do know that completed certification, in a
reasonable time, is our goal. Most certifications take two to three years
after evaluation begins. But for most customers, "in evaluation" is
sufficient for deployment--time lengths for evaluations haven't been
blockers in our experience.
If I get any more details, I'll follow up here.
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Kim_Jong" <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:908E3AFC-92A8-4C71-8962-82D8DD5A72FA@xxxxxxxxxxxxxxxx
Thank you for that reassurance. :)
Do you have an anticipated completion date? I imagine others are asking
this
question of Microsoft too.
I ask this because the other thing I recall from the conversation that a
couple of us were privy to was that the Vista evaluation is going to
consist
of producing a minimal number of security specifications each month (we
heard
one spec a month) toward certification, pushing the actual CC completion
date
out to the year 2050 or thereabouts. This is what led us to believe that
Microsoft is not pursuing CC certification, despite the appearance of
being
"in evaluation" with a CCTL. We are also checking with the NSA and the
CCTL
in Maryland to see if we can get more information.
Many thanks again.
--
Kim Jong, MCSE
"Steve Riley [MSFT]" wrote:
To double-check my own understanding, I verified with the program manager
responsible for our participation in certification programs. Common
Criteria
evaluation will begin soon.
And speaking of stymied, I'm at a loss to make the link between my
knowing
your email and the spouse of an MSRC employee! Just so that everyone here
knows: you are all welcome to email me privately. If I have to forward
your
mail to someone else to get an answer, I cut out all identifying
information
first. Only I will know your email/phone/blood type/credit
history/temperature of your ass in your chair. :)
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Kim_Jong" <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C1ED7D9F-5370-46C9-B25E-68D770698350@xxxxxxxxxxxxxxxx
Steve, this came from someone who is married to a Microsoft person in
the
MSRC. (Now you understand why I prefer not to contact you privately.)
We
were
told that Microsoft has chosen to pursue a different certification but
that
it is not the Common Criteria. We know of no other certifications, and
we
are
close to the NSA here. We can't seem to get any more information than
that.
The account team is stymied. Thank you, we will watch for the posting
on
CCEVS.
--
Kim Jong, MCSE
"Steve Riley [MSFT]" wrote:
I wanted to try to find out from you where you heard this information,
because it's wrong. We are indeed pursuing Common Criteria (ISO/IEC
15408)
certification for both Windows Vista and Windows Server 2008. In fact,
we
expect both to be listed at
http://www.niap-ccevs.org/cc-scheme/in_evaluation.cfm in a few weeks.
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Kim_Jong" <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A8308CF3-A2CF-4398-936E-F0AD277391B1@xxxxxxxxxxxxxxxx
Thank you Steve, can you please post your response here? I wish to
keep
my
email address private, thank you.
--
Kim Jong, MCSE
"Steve Riley [MSFT]" wrote:
Please reply to me privately. I can help you with this.
Steve Riley
steve.riley@xxxxxxxxxxxxx
http://blogs.technet.com/steriley
"Kim_Jong" <KimJong@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9102EE4D-ABB9-406C-B442-385EE099B3E2@xxxxxxxxxxxxxxxx
We have learnt here in D.C. that Microsoft will not be attaining
Common
Criteria certification of Vista and W2K8. This concerns us
greatly,
as
most
of our clients are Federal agencies that require Common Criteria
evaluation.
We will not be able to deploy new OS to these agencies without
this
CC
certification. Many people will lose their jobs if government can
no
longer
use Windows. What is Microsoft going to do about this obstacle?
--
Kim Jong, MCSE
- References:
- Re: Common Criteria Certification
- From: Steve Riley [MSFT]
- Re: Common Criteria Certification
- From: Steve Riley [MSFT]
- Re: Common Criteria Certification
- From: Kim_Jong
- Re: Common Criteria Certification
- From: Steve Riley [MSFT]
- Re: Common Criteria Certification
- Prev by Date: Re: Force chosen the domain near to me.
- Next by Date: Re: Very Very Strange Problem
- Previous by thread: Re: Common Criteria Certification
- Next by thread: Re: firewall on budget ?
- Index(es):
Relevant Pages
|
|
