The National Computer Security Center (NCSC) recently awarded C2 certification to Windows NT Workstation and Windows NT Server version 3.5, combined with Service Pack 3 for Windows NT 3.5. By meeting this government security standard, NT can now make inroads into the federal market, in which it's been gaining ground in recent months despite not having C2-level security certification.
According to a recent survey of federal sites by International Data Corp. (IDC), there are more than 400,000 servers and workstations in the government market today, with NT installed in 23% of the sites. In addition to making it a viable government operating system, C2 certification will help NT 3.5 gain acceptance in more information-sensitive businesses, although the C2 standard exceeds the security requirements of most businesses today.
Windows NT also has many security features that are not part of the government specification. In fact, it was originally designed to meet an even tougher US Department of Defense security standard known as B2. The operating system's security features include: restrictions on password length and password composition, the Windows NT domain model that allows users to have a single logon for all network resources, the graphical administration tools that permit fast and easy administration, and the ability to lock an NT Workstation or Server so that it can't be accessed while the owner is away. There's also a feature allowing you to display a legal notice to users who attempt to logon; this can function as part of a business's legal protections against trespassing.
Now that NT has C2 certification, it's on the Technical Review Board's Evaluated Products List (EPL). Being on the EPL, NT Workstation, NT Server, and NT networks can be used as components in constructing a C2-certified system. And while other C2-certified products, such as routers, will be necessary for a complete system, Windows NT Workstation will be a key component of many C2-certified systems because other network vendors do not have a secure desktop operating system to offer.
According to Microsoft, the company is also participating in the Rating Maintenance Phase (RAMP) program. A network configuration of the Windows NT platform version 3.51 is currently in RAMP evaluation.