Class C2

Microsoft Corporation

Windows NT Workstation and Windows NT Server
Version 4.0 with Service Pack 6a and C2 Update

November 1999


Science Applications International Corporation (SAIC), Center for Information Security Technology, Evaluation Laboratory, Robert L.


Microsoft Windows NT Workstation and Windows NT Server are modern, 32-bit, graphical-oriented operating systems that support popular Windows-based applications, preemptive multitasking, and symmetric multiprocessing (SMP). Windows NT Server combines a variety of network services, including application services, file services and print services.

The Windows NT platform has been designed from its inception to be a secure operating system. Most importantly, it includes graphical administration tools that allow administrators to easily manage discretionary control and monitor all relevant security information for the operating system. The Windows NT platform also provides the ability to write security-relevant information into a security log to allow administrators to monitor their secure systems.

Other architecture strengths of Windows NT include:

The Windows NT platform includes a secure logon sequence (using the Ctrl-Alt-Del key sequence) that prevents non-trusted applications from trapping the username and password sequence. Other security features include account management capabilities for account lockout and password expiration.

The Windows NT platform ensures data protection using discretionary access control which controls access to the granularity of a single user. The Windows NT security model allows users to apply access controls to all system objects and all files using the native Windows NT file system (NTFS). Before an application or process can open a handle to any object, the Windows NT security system transparently verifies that the process has the appropriate authorization. The Windows NT platform ensures that no process can access a file unless the file's owner or a system administrator permits it.

The hosting hardware for the Windows NT platform in the evaluated configuration includes single processor and multiprocessor versions of the Compaq Proliant Server models 6500 and 7000, and Compaq Professional Workstation models 5100 and 8000. It also includes a HP DAT SCSI tape drive and HP Laser Jet PCL5 printers. A networked configuration was evaluated for interconnecting the various hardware with Windows NT workstations and servers.


Windows NT 4.0 has been available since August 1996. Service pack 6a for Windows NT 4.0 and the C2 Update have been available since November 1999. Contact Microsoft Corporation, Mike Lai at (425) 705-4651,


SAIC's Center for Information Security Technology, an authorized TTAP Evaluation Facility, has performed the evaluation of Microsoft's claim that the security features and assurances provided by Windows NT 4.0 with Service Pack 6a and the C2 Update with networking meet the C2 requirements of the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC) dated December 1985.

The SAIC evaluation team has determined that Windows NT 4.0 with Service Pack 6a and the C2 Update as configured by the Trusted Facility Manual satisfies all the specified requirements of the criteria at class C2. The Trusted Facility Manual, entitled "Administrator's and User's Security Guide," is available on the Microsoft web site at For a complete description of how the Windows NT satisfies each requirement of the Criteria, see Final Evaluation Report, Microsoft Corporation, Windows NT 4.0 with Service Pack 6a and the C2 Update.


Security was one of the base design goals for the Windows NT operating system. As such, security is pervasive throughout the operating system. The product includes graphical administration tools that allows administrators to control who accesses all system objects - such as individual files and printers and what type of control they have over system objects. The operating system further includes tools to manage users, backup data, control printers, manipulate file and directory access controls, and to administer the overall system.

Windows NT provides a TCB that enforces a DAC policy to protect information and allow users to share information under their control with other specified users, identification and authentication of users in order to control access to the system and enforce accountability, prevention of access to residual information from a previous user's actions, and provides for the auditing of security related events.

| Commercial Product Evaluations | TPEP Main Page | TTAP Main Page | Other C2 Products | Vendor's Trusted Products |

The National Security Agency / Trusted Product logos are trademarks of the NSA and use is subject to regulations of the NSA.

Last updated Fri Jan 28 13:30:50 2000