Page 1 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
REF: 2017-49-INF-2218 v2
Target: Expediente
Date: 21.06.2018
Created by: CERT10
Revised by: CALIDAD
Approved by: TECNICO
CERTIFICATION REPORT
File: 2017-49 Windows 10: build 10.0.15063 (a.k.a. 1703) (Creators Update)
Applicant: Microsoft Corporation
References:
[EXT-3602] Certification request
[EXT-3752] Evaluation Technical Report v2.0.
The product documentation referenced in the above documents.
This is the Certification Report of the product: Windows Operating Systems (OS):
 Microsoft Windows 10 Home Edition (Creators Update) (32-bit version)
 Microsoft Windows 10 Pro Edition (Creators Update) (64-bit versions)
 Microsoft Windows 10 Enterprise Edition (Creators Update) (64-bit versions)
 Microsoft Windows 10 S Edition (Creators Update) (64-bit versions)
TOE Versions:
 Windows 10: build 10.0.15063 (also known as version 1703)
The following security updates must be applied for:
 Windows 10, all critical updates as of August 9, 2017
The certification was requested on 26/09/2017, and evaluated by the laboratory
Epoche & Espri S.L.U., as detailed in the Evaluation Technical Report [EXT-3752]
received on 23/01/2018.
Page 2 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
TABLE OF CONTENTS
EXECUTIVE SUMMARY ..................................................................................................................................3
TOE SUMMARY ..............................................................................................................................................4
SECURITY ASSURANCE REQUIREMENTS................................................................................................6
SECURITY FUNCTIONAL REQUIREMENTS ..............................................................................................6
IDENTIFICATION..............................................................................................................................................7
SECURITY POLICIES .......................................................................................................................................8
ASSUMPTIONS AND OPERATIONAL ENVIRONMENT ...........................................................................8
THREATS .........................................................................................................................................................8
OPERATIONAL ENVIRONMENT FUNCTIONALITY.................................................................................9
ARCHITECTURE..............................................................................................................................................10
LOGICAL ARCHITECTURE.........................................................................................................................10
PHYSICAL ARCHITECTURE.......................................................................................................................11
DOCUMENTS ....................................................................................................................................................11
PRODUCT TESTING........................................................................................................................................11
PENETRATION TESTING.............................................................................................................................11
EVALUATED CONFIGURATION .................................................................................................................12
EVALUATION RESULTS................................................................................................................................13
COMMENTS & RECOMMENDATIONS FROM THE EVALUATION TEAM.......................................13
CERTIFIER RECOMMENDATIONS ............................................................................................................13
GLOSSARY ........................................................................................................................................................14
BIBLIOGRAPHY...............................................................................................................................................14
SECURITY TARGET........................................................................................................................................14
RECOGNITION AGREEMENTS....................................................................................................................16
EUROPEAN RECOGNITION OF ITSEC/CC – CERTIFICATES (SOGIS-MRA) ......................................................16
INTERNATIONAL RECOGNITION OF CC – CERTIFICATES (CCRA).....................................................................16
Page 3 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
EXECUTIVE SUMMARY
This document constitutes the Certification Report for the certification file of the
product:
Windows Operating Systems (OS):
 Microsoft Windows 10 Home Edition (Creators Update) (32-bit version)
 Microsoft Windows 10 Pro Edition (Creators Update) (64-bit versions)
 Microsoft Windows 10 Enterprise Edition (Creators Update) (64-bit versions)
 Microsoft Windows 10 S Edition (Creators Update) (64-bit versions)
TOE Versions:
 Windows 10: build 10.0.15063 (also known as version 1703)
The following security updates must be applied for:
 Windows 10, all critical updates as of August 9, 2017
The TOE includes the Windows 10 operating system, and those applications
necessary to manage, support and configure the operating system. Windows 10 can
be delivered preinstalled on a new computer or downloaded from the Microsoft
website.
Developer/manufacturer: Microsoft Corporation.
Sponsor: Microsoft Corporation.
Certification Body: Centro Criptológico Nacional (CCN) del Centro Nacional de
Inteligencia (CNI).
ITSEF: Epoche & Espri S.L.U..
Protection Profile: General Purpose Operating Systems Protection Profile, Version
4.1, March 9, 2016 (GP OS PP).
Evaluation Level: Common Criteria v3.1 R5 (assurance packages according to the
[GPOSPP]).
Evaluation end date: 23/01/2018.
All the assurance components required by the evaluation level of the [GPOSPP]
have been assigned a “PASS” verdict. Consequently, the laboratory Epoche & Espri
S.L.U assigns the “PASS” VERDICT to the whole evaluation due all the evaluator
actions are satisfied for the [GPOSPP] assurance level packages, as defined by the
Common Criteria v3.1 R5, the [GPOSPP] and the CEM v3.1 R5.
Page 4 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
Considering the obtained evidences during the instruction of the certification request
of the product Windows 10: build 10.0.15063 (also known as version 1703), a
positive resolution is proposed.
TOE SUMMARY
Windows 10 editions, collectively called “Windows”, are preemptive multitasking,
multiprocessor, and multi-user operating systems. In general, operating systems
provide users with a convenient interface to manage underlying hardware. They
control the allocation and manage computing resources such as processors,
memory, and Input/Output (I/O) devices. Windows expands these basic operating
system capabilities to controlling the allocation and managing higher level IT
resources such as security principals (user or machine accounts), files, printing
objects, services, window station, desktops, cryptographic keys, network ports traffic,
directory objects, and web content. Multi-user operating systems such as Windows
keep track of which user is using which resource, grant resource requests, account
for resource usage, and mediate conflicting requests from different programs and
users.
TOE major security features
The major security features implemented by the TOE and subject to evaluation (no
assurance can be supposed to any other functionality) to can be summarised as
follows:
 Security Audit: Windows has the ability to collect audit data, review audit logs,
protect audit logs from overflow, and restrict access to audit logs. Audit
information generated by the system includes the date and time of the event,
the user identity that caused the event to be generated, and other event
specific data. Authorized administrators can review audit logs and have the
ability to search and sort audit records. Authorized Administrators can also
configure the audit system to include or exclude potentially auditable events to
be audited based on a wide range of characteristics. In the context of this
evaluation, the protection profile requirements cover generating audit events,
selecting which events should be audited, and providing secure storage for
audit event entries.
 Cryptographic Support: Windows provides CAVP validated cryptographic
functions that support encryption/decryption, cryptographic signatures,
cryptographic hashing, cryptographic key agreement, and random number
generation. The TOE additionally provides support for public keys, credential
management and certificate validation functions and provides support for the
National Security Agency’s Suite B cryptographic algorithms. Windows also
provides extensive auditing support of cryptographic operations, the ability to
replace cryptographic functions and random number generators with
Page 5 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
alternative implementations, and a key isolation service designed to limit the
potential exposure of secret and private keys. In addition to using
cryptography for its own security functions, Windows offers access to the
cryptographic support functions for user-mode and kernel-mode programs.
Public key certificates generated and used by Windows authenticate users
and machines as well as protect both user and system data in transit.
 User Data Protection: In the context of this evaluation Windows protects user
data and provides virtual private networking capabilities.
 Identification and Authentication Each Windows user must be identified and
authenticated based on administrator-defined policy prior to performing any
TSF-mediated functions. An interactive user invokes a trusted path in order to
protect his I&A information. Windows maintains databases of accounts
including their identities, authentication information, group associations, and
privilege and logon rights associations. Windows account policy functions
include the ability to define the minimum password length, the number of
failed logon attempts, the duration of lockout, and password age.
 Protection of the TOE Security Functions: Windows provides a number of
features to ensure the protection of TOE security functions. Windows
protects against unauthorized data disclosure and modification by using a
suite of Internet standard protocols including IPsec, IKE, and ISAKMP.
Windows ensures process isolation security for all processes through private
virtual address spaces, execution context, and security context. The
Windows data structures defining process address space, execution context,
memory protection, and security context are stored in protected kernel-mode
memory. Windows includes self-testing features that ensure the integrity of
executable program images and its cryptographic functions. Finally, Windows
provides a trusted update mechanism to update Windows binaries itself.
 Session Locking: Windows provides the ability for a user to lock their session
either immediately or after a defined interval. Windows constantly monitors
the mouse, keyboard, and touch display for activity and locks the computer
after a set period of inactivity.
 TOE Access: Windows allows an authorized administrator to configure the
system to display a logon banner before the logon dialog.
 Trusted Path for Communications: Windows uses HTTPS, DTLS, and TLS to
provide a trusted path for communications.
 Security Management: Windows includes several functions to manage
security policies. Policy management is controlled through a combination of
access control, membership in administrator groups, and privileges.
Page 6 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
SECURITY ASSURANCE REQUIREMENTS
The product was evaluated with all the evidences required to fulfil the assurance
packages defined in [GPOSPP], according to Common Criteria v3.1 R5. The TOE
meets the following SARs:
Class Family/Component
ASE:
Security Target evaluation
ASE_CCL.1 Conformance claims
ASE_ECD.1 Extended components definition
ASE_INT.1 ST introduction
ASE_OBJ.1 Security objectives
ASE_REQ.1 Derived security requirements
ASE_SPD.1 Security problem definition
ASE_TSS.1 TOE summary specification
ADV: Development ADV_FSP.1 Basic Functional Specification
AGD: Guidance documents AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
ALC: Life cycle support ALC_CMC.1 Labeling of the TOE
ALC_CMS.1 TOE CM Coverage
ALC_TSU_EXT.1 Timely Security Updates
ATE: Tests ATE_IND.1 Independent Testing – Conformance
AVA: Vulnerability assessment AVA_VAN.1 Vulnerability Survey
SECURITY FUNCTIONAL REQUIREMENTS
The product security functionality satisfies the following functional requirements,
according to the Common Criteria v3.1 R5:
Requirement
Class
Requirement Component
Security Audit
(FAU)
Audit Data Generation (FAU_GEN.1)
Cryptographic
Support (FCS)
Cryptographic Key Generation for (FCS_CKM.1(1))
Cryptographic Key Establishment (FCS_CKM.2(1)
Cryptographic Key Destruction (FCS_CKM.4)
Cryptographic Operation for Data Encryption/Decryption
(FCS_COP.1(SYM))
Cryptographic Operation for Hashing (FCS_COP.1(HASH))
Cryptographic Operation for Signing (FCS_COP.1(SIGN))
Cryptographic Operation for Keyed Hash Algorithms
(FCS_COP.1(HMAC))
Random Bit Generation (FCS_RBG_EXT.1)
Storage of Sensitive Data (FCS_STO_EXT.1)
TLS Client Protocol (FCS_TLSC_EXT.1)
TLS Client Protocol (FCS_TLSC_EXT.2)
Page 7 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
TLS Client Protocol (FCS_TLSC_EXT.3)
TLS Client Protocol (FCS_TLSC_EXT.4)
DTLS Implementation (FCS_DTLS_EXT.1)
User Data
Protection
(FDP)
Access Controls for Protecting User Data (FDP_ACF_EXT.1)
Information Flow Control (FDP_IFC_EXT.1)
Identification
&
Authentication
(FIA)
Authorization Failure Handling (FIA_AFL.1)
Multiple Authentication Mechanisms (FIA_UAU.5)
X.509 Certification Validation (FIA_X509_EXT.1)
X.509 Certificate Authentication (FIA_X509_EXT.2)
Security
Management
(FMT)
Management of Security Functions Behavior (FMT_MOF_EXT.1)
Specification of Management Functions (FMT_SMF_EXT.1)
Protection of
the TSF (FPT)
Access Controls (FPT_ACF_EXT.1)
Address Space Layout Randomization (FPT_ASLR_EXT.1)
Stack Buffer Overflow Protection (FPT_SBOP_EXT.1)
Software Restriction Policies (FPT_SRP_EXT.1)
Boot Integrity (FPT_TST_EXT.1)
Trusted Update (FPT_TUD_EXT.1)
Trusted Update for Application Software (FPT_TUD_EXT.2)
TOE Access
(FTA)
Default TOE Access Banners (FTA_TAB.1)
Trusted
Path/Channels
(FTP)
Trusted Path (FTP_TRP.1)
Trusted Channel Communication (FTP_ITC_EXT.1(TLS))
Trusted Channel Communication (FTP_ITC_EXT.1(DTLS))
IDENTIFICATION
Product:
Windows Operating Systems (OS):
 Microsoft Windows 10 Home Edition (Creators Update) (32-bit version)
 Microsoft Windows 10 Pro Edition (Creators Update) (64-bit versions)
 Microsoft Windows 10 Enterprise Edition (Creators Update) (64-bit
versions)
 Microsoft Windows 10 S Edition (Creators Update) (64-bit versions)
TOE Build:
 Windows 10: build 10.0.15063 (also known as version 1703)
TOE Updates:
 Windows 10, all critical updates as of August 9, 2017
Security Target: Microsoft Windows 10 (Creators Update) Security Target version
0.05, December 18, 2017.
Page 8 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
Protection Profile: General Purpose Operating Systems Protection Profile, Version
4.1, March 9, 2016 (GP OS PP)
Evaluation Level: Common Criteria v3.1 R5 (assurance packages according to the
[GPOSPP]).
SECURITY POLICIES
There are no Organizational Security Policies defined for this evaluation as there are
not defined in the [GPOSPP].
ASSUMPTIONS AND OPERATIONAL ENVIRONMENT
The following assumptions specified in the [GPOSPP] and included in the [ST], are
constraints to the conditions used to assure the security properties and
functionalities compiled by the security target [ST]. These assumptions have been
applied during the evaluation in order to determine if the identified vulnerabilities can
be exploited.
In order to assure the secure use of the TOE, it is necessary to start from these
assumptions for its operational environment. If this is not possible and any of them
could not be assumed, it would not be possible to assure the secure operation of the
TOE.
Assumption Description
A.PLATFORM The OS relies upon a trustworthy computing platform for its
execution. This underlying platform is out of scope of this PP.
A.PROPER_USER The user of the OS is not willfully negligent or hostile, and uses the
software in compliance with the applied enterprise security policy.
At the same time, malicious software could act as the user, so
requirements which confine malicious subjects are still in scope.
A.PROPER_ADMIN The administrator of the OS is not careless, willfully negligent or
hostile, and administers the OS within compliance of the applied
enterprise security policy.
THREATS
The threats to the IT assets against which protection is required by the TOE or by
the security environment as defined in the [GPOSPP] and included in the [ST] are
listed below.
Page 9 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
Threat Description
T.NETWORK_ATTACK An attacker is positioned on a communications channel or
elsewhere on the network infrastructure. Attackers may
engage in communications with applications and services
running on or part of the OS with the intent of compromise.
Engagement may consist of altering existing legitimate
communications.
T.NETWORK_EAVESDR
OP
An attacker is positioned on a communications channel or
elsewhere on the network infrastructure. Attackers may
monitor and gain access to data exchanged between
applications and services that are running on or part of the
OS.
T.LOCAL_ATTACK An attacker may compromise applications running on the OS.
The compromised application may provide maliciously
formatted input to the OS through a variety of channels
including unprivileged system calls and messaging via the file
system.
T.LIMITED_PHYSICAL_
ACCESS
An attacker may attempt to access data on the OS while
having a limited amount of time with the physical device.
OPERATIONAL ENVIRONMENT FUNCTIONALITY
The product requires the cooperation from its operational environment to fulfil some
of the objectives of the defined security problem. The security objectives declared for
the TOE operational environment in the [GPOSPP] and included in the [ST] are
categorized below.
Environment Objective Description
OE.PLATFORM The OS relies on being installed on trusted hardware.
OE.PROPER_USER The user of the OS is not willfully negligent or hostile, and
uses the software within compliance of the applied enterprise
security policy. Standard user accounts are provisioned in
accordance with the least privilege model. Users requiring
higher levels of access should have a separate account
dedicated for that use.
OE.PROPER_ADMIN The administrator of the OS is not careless, willfully negligent
or hostile, and administers the OS within compliance of the
applied enterprise policy.
Page 10 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
ARCHITECTURE
LOGICAL ARCHITECTURE
Conceptually the Windows TOE can be thought of as a collection of the following
security services which the security target describes with increasing detail in the
remainder of this document:
 Security Audit
 Cryptographic Support
 User Data Protection
 Identification and Authentication
 Security Management
 Protection of the TOE Security Functions
 Access to the TOE
 Trusted Path and Channels
These services are primarily provided by Windows components:
 The Boot Manager, which is invoked by the computer’s bootstrapping code.
 The Windows Loader which loads the operating system into the computer’s
memory.
 The Windows Kernel which contains device drivers for the Windows NT File
System, full volume encryption, the crash dump filter, and the kernel-mode
cryptographic library.
 The IPv4 / IPv6 network stack in the kernel.
 The Windows Trusted Installer which installs updates to the Windows
operating system.
 The Local Security Authority Subsystem which identifies and authenticates
users prior to log on and generates events for the security audit log.
 NIST CAVP-validated cryptographic algorithms to protect user and system
data.
 The Key Isolation Service which protects secret and private keys.
 Local and remote administrative interfaces for security management.
 Windows Explorer for Windows 10 which can be used to manage the OS and
check the integrity of Windows files and updates.
Page 11 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
PHYSICAL ARCHITECTURE
Each instance of the general purpose OS TOE runs on a tablet, convertible,
workstation or server computer. The TOE executes on processors from Intel (x86
and x64) or AMD (x86 and x64) along with peripherals for input/output (keyboard,
mouse, display, and network).
The TOE does not include any hardware or network infrastructure components
between the computers that comprise the distributed TOE. The security target
assumes that any network connections, equipment, peripherals and cables are
appropriately protected in the TOE security environment.
DOCUMENTS
The product includes the following document that shall be distributed and made
available together to the users of the evaluated version.
 Windows 10 Creators Update GP OS Operational Guidance version 0.91,
December 14, 2017 along with all the documents referenced therein.
PRODUCT TESTING
The tests performed by the evaluator are based on the assurance activities defined
for the ATE activity in the [GPOSPP] for each SFR that is included in the [ST].
The evaluator has performed an installation and configuration of the TOEs and their
operational environment following the steps included in the installation and operation
manual. The TOE configuration used to execute the independent tests is consistent
with the evaluated configuration according to security target [ST].
The independent testing has covered 100% of SFRs of the [ST] and assurance
activities defined in the [GPOSPP] for each SFR. There has not been any deviation
from the expected results under the environment defined in security target [ST].
PENETRATION TESTING
According to the [GPOSPP], the vulnerability analysis scope has taken into account
the public vulnerabilities affecting to all the operating system versions. The lab has
performed a search on public sources to discover known vulnerabilities of the TOE.
The lab has checked that all the public vulnerabilities published until August 9, 2017
have been fixed in the evaluated configuration.
Also, the vendor has published the corresponding update fixing the public
vulnerabilities identified for the period from August 9 to December 13, 2017.
Page 12 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
EVALUATED CONFIGURATION
The TOE under evaluation is composed of the following operating system versions:
 Microsoft Windows 10 Home Edition (Creators Update) (32-bit version)
 Microsoft Windows 10 Pro Edition (Creators Update) (64-bit version)
 Microsoft Windows 10 Enterprise Edition (Creators Update) (64-bit version)
 Microsoft Windows 10 S Edition (Creators Update) (64-bit version)
The build tested for all Windows 10 editions has been [version 10.0.15063] (also
known as 1703).
The hardware platforms used during the evaluation are listed below:
 Microsoft Surface Laptop
 Microsoft Surface Pro
 Microsoft Surface Book
 Microsoft Surface Pro 4
 Microsoft Surface Pro 3
 Microsoft Surface Studio
 Microsoft Surface Hub
 Microsoft Windows Server 2016 Hyper-V
 HP Pro x2 612 G2 Detachable PC with LTE
 Dell 5285
 Dell Inspiron 660s
 Panasonic Toughbook
The following list summarizes the combination between hardware platforms and
operating system editions used for the testing:
 Microsoft Surface Laptop with Windows 10 S
 Microsoft Surface Hub with Windows 10 x64 Creators Update (a.k.a Windows
10 Team)
 Microsoft Surface Studio with Windows 10 Enterprise (Creators Update.
 Microsoft Surface Pro with Windows 10 Enterprise (Creators Update)
 Microsoft Surface Book with Windows 10 Enterprise (Creators Update)
 Microsoft Surface Pro 4 with Windows 10 Enterprise (Creators Update)
 Microsoft Surface Pro 3 with Windows 10 Pro (Creators Update)
Page 13 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
 Microsoft Windows Server 2016 Hyper-V with Windows 10 Pro (Creators
Update)
 Dell 5285 with Windows 10 Pro (Creators Update)
 Dell Inspiron 660s with Windows 10 Home (x86) (Creators Update)
 HP Pro X2 612 G2 with Windows 10 Enterprise (Creators Update)
 Panasonic Toughbook with Windows 10 Pro (Creators Update)
EVALUATION RESULTS
The product 2218 has been evaluated against the Security Target Microsoft
Windows 10 (Creators Update) Security Target version 0.05, December 18, 2017.
All the assurance components defined in the [GPOSPP] have been assigned a
“PASS” verdict. Consequently, the laboratory CF assigns the “PASS” VERDICT to
the whole evaluation due all the evaluator actions are satisfied for the assurances
packages defined in the [GPOSPP] and included in the [ST], as defined by the
Common Criteria v3.1 R5, the [GPOSPP] and the CEM v3.1 R5.
COMMENTS & RECOMMENDATIONS FROM THE
EVALUATION TEAM
The TOE usage is recommended given that there are not exploitable vulnerabilities
in the operational environment. The following usage recommendations are given:
 It is mandatory to strictly follow the steps indicated in the installation
documentation in order to download and install the correct version of the TOE
in a proper manner.
 The user guidance must be read and understood in order to operate the TOE
in an adequate manner according to the security target.
CERTIFIER RECOMMENDATIONS
Considering the obtained evidences during the instruction of the certification request
of the product Windows 10: build 10.0.15063 (also known as version 1703), a
positive resolution is proposed.
Page 14 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
GLOSSARY
CCN Centro Criptológico Nacional
CNI Centro Nacional de Inteligencia
EAL Evaluation Assurance Level
ETR Evaluation Technical Report
OC Organismo de Certificación
TOE Target Of Evaluation
BIBLIOGRAPHY
The following standards and documents have been used for the evaluation of the
product:
[CC_P1] Common Criteria for Information Technology Security Evaluation Part 1:
Introduction and general model, Version 3.1, R5 Final, April 2017.
[CC_P2] Common Criteria for Information Technology Security Evaluation Part 2:
Security functional components, Version 3.1, R5 Final, April 2017.
[CC_P3] Common Criteria for Information Technology Security Evaluation Part 3:
Security assurance components, Version 3.1, R5 Final, April 2017.
[CEM] Common Methodology for Information Technology Security Evaluation:
Version 3.1, R5 Final, April 2017.
[GPOSPP] General Purpose Operating Systems Protection Profile, Version 4.1,
March 9, 2016 (GP OS PP)
[ST] Microsoft Windows 10 (Creators Update) Security Target version 0.05,
December 18, 2017
SECURITY TARGET
Along with this certification report, the complete security target of the evaluation is
stored and protected in the Certification Body premises. This document is identified
as:
- Microsoft Windows 10 (Creators Update) Security Target version 0.05,
December 18, 2017.
The public version of this document constitutes the ST Lite. The ST Lite has also
been reviewed for the needs of publication according to [CCDB-2006-04-004], and it
Page 15 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
is published along with this certification report in the Certification Body and CCRA
websites. The ST Lite identifier is:
- Microsoft Windows 10 (Creators Update) Security Target version 0.06, June
14, 2018.
Page 16 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
RECOGNITION AGREEMENTS
In order to avoid multiple certification of the same product in different countries a
mutual recognition of IT security certificates - as far as such certificates are based on
ITSEC or CC - under certain conditions was agreed.
European Recognition of ITSEC/CC – Certificates (SOGIS-MRA)
The SOGIS-Mutual Recognition Agreement (SOGIS-MRA) Version 3 became
effective in April 2010. It defines the recognition of certificates for IT-Products at a
basic recognition level and, in addition, at higher recognition levels for IT-Products
related to certain SOGIS Technical Domains only.
The basic recognition level includes Common Criteria (CC) Evaluation
Assurance Levels EAL 1 to EAL 4 and ITSEC Evaluation Assurance Levels E1 to E3
(basic). For "Smartcards and similar devices" a SOGIS Technical Domain is in place.
For "HW Devices with Security Boxes" a SOGIS Technical Domains is in place, too.
In addition, certificates issued for Protection Profiles based on Common Criteria are
part of the recognition agreement.
The new agreement has been signed by the national bodies of Austria,
Finland, France, Germany, Italy, The Netherlands, Norway, Spain, Sweden and the
United Kingdom. The current list of signatory nations and approved certification
schemes, details on recognition, and the history of the agreement can be seen on
the website at https://www.sogisportal.eu.
The SOGIS-MRA logo printed on the certificate indicates that it is
recognised under the terms of this agreement by the nations listed above.
This certificate is recognized under SOGIS-MRA for all assurance
components selected.
International Recognition of CC – Certificates (CCRA)
The international arrangement on the mutual recognition of certificates
based on the CC (Common Criteria Recognition Arrangement, CCRA-2014) has
been ratified on 08 September 2014. It covers CC certificates based on collaborative
Protection Profiles (cPP) (exact use), CC certificates based on assurance
components up to and including EAL 2 or the assurance family Flaw Remediation
(ALC_FLR) and CC certificates for Protection Profiles and for collaborative
Protection Profiles (cPP).
The CCRA-2014 replaces the old CCRA signed in May 2000 (CCRA-
2000). Certificates based on CCRA-2000, issued before 08 September 2014 are still
under recognition according to the rules of CCRA-2000. For on 08 September 2014
Page 17 of 17
https://oc.ccn.cni.es
Email: certificacion.ccn@cni.es
MINISTERIO
DE LA PRESIDENCIA
Y PARA LAS ADMINISTRACIONES TERRITORIALES
ongoing certification procedures and for Assurance Continuity (maintenance and re-
certification)of old certificates a transition period on the recognition of certificates
according to the rules of CCRA-2000 (i.e. assurance components up to and including
EAL 4 or the assurance family Flaw Remediation (ALC_FLR)) is defined until 08
September 2017.
As of September 2014 the signatories of the new CCRA-2014 are
government representatives from the following nations: Australia, Austria, Canada,
Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India,
Israel, Italy, Japan, Malaysia, The Netherlands, New Zealand, Norway, Pakistan,
Republic of Korea, Singapore, Spain, Sweden, Turkey, United Kingdom, and the
United States.
The current list of signatory nations and approved certification schemes
can be seen on the website: http://www.commoncriteriaportal.org.
The Common Criteria Recognition Arrangement logo printed on the certificate
indicates that this certification is recognised under the terms of this agreement by the
nations listed above.