Certification Country: AUSTRALIA/NEW ZEALAND (2011)
Certificate Details: 2011/72
Certification Method: CC
Crypt Evaluation: Not Required
Evaluation Facility: stratsec
Manufacturer/Vendor/Distributor: Microsoft Corporation
Microsoft CorporationOne Microsoft Way
Redmond WA 98052 United States
Product Website: http://www.microsoft.com/exchange/2010/en/us/default.aspx
Senior Program Manager Exchange Server Group
Phone: +1 (425) 706-7625
The target of evaluation (TOE) is Microsoft’s Exchange 2010 SP1 Enterprise (English) 64-bit (known as Exchange 2010). The TOE is an e-mail and collaboration server that provides secure access to personal and shared data for a variety of clients using various protocols.
The evaluation scope includes the following security functions and features:
- Connection filtering. Protects from unwanted spam or Unsolicited Commercial E-mail (UCE) by blocking messages from specified IP addresses.
- Message filtering. Filters potential spam messages based on Administrator configured SMTP filters, including local and third party block/allow lists.
- Attachment filtering. Provides a mechanism to filter potentially harmful attachments from external networks.
- Transport filtering. Allows the administrator to define mail policies to prevent specific internal and/or external users from emailing each other.
- Access control. Protects mailboxes and public folders from unauthorized access.
- Identification and authentication. Provides identification and authentication mechanism for the Outlook Voice Access functionality in cases where Outlook Voice Access is not secured by the use of the TLS protocol.
- Distribution group restriction. Requires users sending mail to a distribution group to be successfully authenticated and to be authorized.
- Remote device wipe. Provides the ability for an administrator to issue a command to wipe a managed Windows Mobile device in the event that the device may have been compromised.