LONDON - April 28, 1999 - Today at the UK Infosec Conference, United Kingdom government officials announced that the Microsoft^® Windows NT^® Server and Windows NT Workstation 4.0 operating systems have passed a rigorous security evaluation conducted by the UK government's security standards agency. The E3/F-C2 security rating presented today by the UK Information Technology Security Evaluation Criteria (ITSEC) certification board provides independent confirmation that the Windows NT 4.0 architecture provides robust but flexible security.

This milestone underscores Microsoft Corp.'s continuing commitment to providing secure, trustworthy software to its customers, and to working with appropriate third parties with respect to security evaluations. Currently, Windows NT 4.0 also is undergoing an evaluation for the roughly equivalent rating of C2, according to the U.S. government's Trusted Computer System Evaluation Criteria (TCSEC, better known as the "Orange Book"), and Microsoft has submitted cryptographic algorithm implementations for evaluation under the U.S. government's Federal Information Processing Standard (FIPS) 140-1. After the release of the Windows^® 2000 operating system, Microsoft plans to submit it for a security evaluation under the Common Criteria, a nascent evaluation process that will consolidate the TCSEC and ITSEC criteria.

"The successful rating resulting from the ITSEC confirms the robust security architecture and design of Windows NT," said Edmund Muth, group product manager of Windows NT Server at Microsoft. "The strong security and wide range of security-related features in Windows NT benefit customers, including those in industries where security is a paramount concern, such as banking, government, health care and the military, and individuals who are concerned about their privacy and e-commerce."

The E3/F-C2 rating - widely accepted as the highest security evaluation that can be obtained by a general-purpose operating system - was awarded to Windows NT 4.0 with Service Pack 3. The rating follows more than a year of exhaustive testing by UK government security experts in which they examined source code and design documentation, and had direct access to the designers and builders of Windows NT. ITSEC is the only evaluation scheme recognized by the UK government for use in secure and sensitive installations. It also is officially recognized by the governments of many European Union member states, Canada, the former Soviet Republics and, with slight variations, New Zealand and Australia.