1/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
Reference: 2024-54-INF-4682- v1
Target: Limitada al expediente
Date: 15.01.2026
Created by: CERT16
Revised by: CALIDAD
Approved by: TECNICO
CERTIFICATION REPORT
Dossier # 2024-54
TOE Microsoft Windows 11 (versions 24H2 and 23H2), Microsoft Windows Server
2025, Microsoft Azure Stack HCI (versions 24H2, 23H2)
Applicant 600413485 - Microsoft Corporation
References
[EXT-9374] Solicitud de Certificación
Certification report of the product Microsoft Windows 11 (versions 24H2 and 23H2), Microsoft
Windows Server 2025, Microsoft Azure Stack HCI (versions 24H2, 23H2), as requested in [EXT-9374]
dated 10/12/2024, and evaluated by DEKRA Testing and Certification S.A.U., as detailed in the
Evaluation Technical Report [EXT-9881] received on 29/09/2025.
2/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
CONTENTS
EXECUTIVE SUMMARY...........................................................................................................................3
TOE SUMMARY...................................................................................................................................5
SECURITY ASSURANCE REQUIREMENTS ............................................................................................7
SECURITY FUNCTIONAL REQUIREMENTS...........................................................................................8
IDENTIFICATION...................................................................................................................................11
SECURITY POLICIES...............................................................................................................................12
ASSUMPTIONS AND OPERATIONAL ENVIRONMENT .......................................................................12
CLARIFICATIONS ON NON-COVERED THREATS................................................................................12
OPERATIONAL ENVIRONMENT FUNCTIONALITY .............................................................................12
ARCHITECTURE.....................................................................................................................................12
LOGICAL ARCHITECTURE ..................................................................................................................12
PHYSICAL ARCHITECTURE.................................................................................................................12
DOCUMENTS........................................................................................................................................14
PRODUCT TESTING...............................................................................................................................14
EVALUATED CONFIGURATION .............................................................................................................14
EVALUATION RESULTS .........................................................................................................................16
COMMENTS & RECOMMENDATIONS FROM THE EVALUATION TEAM...............................................16
CERTIFIER RECOMMENDATIONS .........................................................................................................17
GLOSSARY.............................................................................................................................................17
BIBLIOGRAPHY .....................................................................................................................................17
SECURITY TARGET / SECURITY TARGET LITE (IF APPLICABLE)..............................................................18
RECOGNITION AGREEMENTS...............................................................................................................19
European Recognition of ITSEC/CC – Certificates (SOGIS-MRA)......................................................19
International Recognition of CC – Certificates (CCRA).....................................................................19
3/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
EXECUTIVE SUMMARY
This document constitutes the Certification Report for the certification file of the product Microsoft
Windows 11 (versions 24H2 and 23H2), Microsoft Windows Server 2025, Microsoft Azure Stack HCI
(versions 24H2, 23H2).
The TOE includes the following operating systems:
• Microsoft Windows 11 Enterprise edition
• Microsoft Windows 11 version 24H2 Pro edition
• Microsoft Windows 11 version 24H2 Education edition
• Microsoft Windows 11 version 24H2 IoT Enterprise edition
• Microsoft Windows 11 Enterprise edition
• Microsoft Windows Server 2025 Standard edition
• Microsoft Windows Server 2025 Datacenter edition
• Microsoft Windows Server 2025 Datacenter: Azure edition
• Microsoft Azure Local version 24H2
• Microsoft Azure Local version 23H2
Where the specific TOE build versions are the following:
• Microsoft Windows 11 build 10.0.26100.1. (also known as version 24H2)
• Microsoft Windows 11 version 24H2 Pro editions (x64) and Education
editions build 10.0.26100.1
• Microsoft Windows 11 version 24H2 IoT Enterprise edition (x64) edition build
10.0.26100.1
• Microsoft Windows 11 version 23H2 version Enterprise edition build
10.0.22631.2428
• Microsoft Windows Server 2025 Standard, Datacenter editions build
10.0.26100.1
• Microsoft Windows Server 2022 2025 Datacenter Azure edition build
10.0.26100.1
4/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
• Microsoft Azure Local build 10.0.26100.1 (also known as 24H2)
Microsoft Azure Local build 10.0.25398.469 (also known as 23H2)
With the following security updates:
Windows 11, Windows Server and Azure Local: all critical updates as of July 1, 2025.
Developer/manufacturer: Microsoft Corporation
Sponsor: Microsoft Corporation.
Certification Body: Centro Criptológico Nacional (CCN) del Centro Nacional de Inteligencia (CNI).
ITSEF: Nombre Laboratorio.
Protection Profile:
The ST and the Windows 10 and 11 editions (TOEs) claims exact conformance to:
• Protection Profile for General Purpose Operating Systems, Version 4.3 September 27, 2022
• PP-Module for WLAN Clients, version 1.0, March 31, 2022 •
• PP-Module for Virtual Private Network (VPN) Clients, version 2.4, March 31, 2022 •
• PP-Module for Bluetooth, version 1.0, April 15, 2021
• Functional Package for Transport Layer Security (TLS), Version 2.0, December 19, 2022
The ST, the Windows Server and the Azure Stack editions (TOEs) claims exact conformance to:
• Protection Profile for General Purpose Operating Systems, Version 4.3 September 27, 2022
• PP-Module for Virtual Private Network (VPN) Clients, version 2.4, March 31, 2022
• PP-Module for Bluetooth, version 1.0, April 15, 2021
• Functional Package for Transport Layer Security (TLS), Version 2.0, December 19, 2022
Evaluation Level: In conformance with [GPOSPP43]
Evaluation end date: 17/11/2025.
Expiration Date1: 18/12/2025
1
This date refers to the expiration date of the certificate recognition within the scope of the mutual recognition
arrangements signed by this Certification Body.
5/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
All the assurance components required by the evaluation level of [GPOSPP],
[WLAN_Client_Module], [VPN_Client_Module], [Bluetooth_Module] and [Functional_Package_TLS]
have been assigned a “PASS” verdict. Consequently, the laboratory DEKRA Testing and Certification
S.A.U. assigns the “PASS” VERDICT to the whole evaluation due all the evaluator actions are
satisfied for the [GPOSPP], [WLAN_Client_Module], [VPN_Client_Module], [Bluetooth_Module] and
[Functional_Package_TLS] assurance level packages, as defined by the Common Criteria version 3.1
release 5, the [GPOSPP], [WLAN_Client_Module], [VPN_Client_Module], [Bluetooth_Module] ,
[Functional_Package_TLS] and the Common Criteria Evaluation Methodology version 3.1 release 5.
Considering the obtained evidences during the instruction of the certification request of the
product Microsoft Windows 11 (versions 24H2 and 23H2), Microsoft Windows Server 2025,
Microsoft Azure Stack HCI (versions 24H2, 23H2), a positive resolution is proposed.
TOE SUMMARY
The TOE includes the Windows 11 operating system; the Windows Server 2025 operating system;
Azure Local; and those applications necessary to manage, support and configure the operating
system. Windows 11 and Windows Server can be delivered preinstalled on a new computer or
downloaded from the Microsoft website.
All Windows 11, Windows Server editions, plus the Windows operating systems in Azure Local
products, collectively called “Windows”, are preemptive multitasking, multiprocessor, and multi-
user operating systems. In general, operating systems provide users with a convenient interface to
manage underlying hardware. They control the allocation and manage computing resources such
as processors, memory, and Input/Output (I/O) devices. Windows expands these basic operating
system capabilities to controlling the allocation and managing higher level IT resources such as
security principals (user or machine accounts), files, printing objects, services, window station,
desktops, cryptographic keys, network ports traffic, directory objects, and web content. Multi-user
operating systems such as Windows keep track of which user is using which resource, grant
resource requests, account for resource usage, and mediate conflicting requests from different
programs and users.
TOE Security Services
• Security Audit: Windows has the ability to collect audit data, review audit logs, protect audit
logs from overflow, and restrict access to audit logs. Audit information generated by the
system includes the date and time of the event, the user identity that caused the event to
be generated, and other event specific data. Authorized administrators can review audit
logs and have the ability to search and sort audit records. Authorized Administrators can
also configure the audit system to include or exclude potentially auditable events to be
audited based on a wide range of characteristics. In the context of this evaluation, the
6/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
protection profile requirements cover generating audit events, selecting which events
should be audited, and providing secure storage for audit event entries.
• Cryptographic Support: Windows provides FIPS 140-2 CAVP validated cryptographic
functions that support encryption/decryption, cryptographic signatures, cryptographic
hashing, cryptographic key agreement, and random number generation. The TOE
additionally provides support for public keys, credential management and certificate
validation functions and provides support for the National Security Agency’s Suite B
cryptographic algorithms. Windows also provides extensive auditing support of
cryptographic operations, the ability to replace cryptographic functions and random number
generators with alternative implementations,2 and a key isolation service designed to limit
the potential exposure of secret and private keys. In addition to using cryptography for its
own security functions, Windows offers access to the cryptographic support functions for
user-mode and kernel-mode programs. Public key certificates generated and used by
Windows authenticate users and machines as well as protect both user and system data in
transit.
o TLS: Windows implements Transport Layer Security to provide protected,
authenticated, confidential, and tamper-proof networking between two peer
computers.
o IPsec: Windows implements IPsec to provide protected, authenticated, confidential,
and tamper-proof networking between two peer computers.
o Wi-Fi: Windows implements IEEE 802.11 wireless networking to provide protected,
authenticated, confidential, and tamper-proof networking between Windows clients
and Wi-Fi access points.
o Bluetooth: Windows implements Bluetooth version 5.1 wireless networking
protocols to provide protected, authenticated, confidential, and tamper-proof
networking between Windows operating systems and Bluetooth peer devices.
• User Data Protection: In the context of this evaluation Windows protects user data and
provides virtual private networking capabilities.
• Identification and Authentication Each Windows user must be identified and authenticated
based on administrator-defined policy prior to performing any TSF-mediated functions. An
interactive user invokes a trusted path in order to protect his I&A information. Windows
maintains databases of accounts including their identities, authentication information,
group associations, and privilege and logon rights associations. Windows account policy
functions include the ability to define the minimum password length, the number of failed
logon attempts, the duration of lockout, and password age. Windows provides the ability to
use, store, and protect X.509 certificates that are used for IPsec VPN sessions.
2
This option is not included in the Windows Common Criteria evaluation.
7/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
• Protection of the TOE Security Functions: Windows provides a number of features to
ensure the protection of TOE security functions. Windows protects against unauthorized
data disclosure and modification by using a suite of Internet standard protocols including
IPsec, IKE, and ISAKMP. Windows ensures process isolation security for all processes
through private virtual address spaces, execution context, and security context. The
Windows data structures defining process address space, execution context, memory
protection, and security context are stored in protected kernel-mode memory. Windows
includes self-testing features that ensure the integrity of executable program images and its
cryptographic functions. Finally, Windows provides a trusted update mechanism to update
Windows binaries itself.
• Session Locking: Windows provides the ability for a user to lock their session either
immediately or after a defined interval. Windows constantly monitors the mouse,
keyboard, and touch display for activity and locks the computer after a set period of
inactivity.
• TOE Access: Windows allows an authorized administrator to configure the system to display
a logon banner before the logon dialog.
• Trusted Path for Communications: Windows uses TLS, HTTPS, DTLS, EAP-TLS, and IPsec to
provide a trusted path for communications.
• Security Management: Windows includes several functions to manage security policies.
Policy management is controlled through a combination of access control, membership in
administrator groups, and privileges.
SECURITY ASSURANCE REQUIREMENTS
The product was evaluated with all the evidence required to fulfil the assurance packages defined
in [GPOSPP], according to Common Criteria version 3.1 release 5. The TOE meets the following
SARs:
Requirement Class Requirement Component
Security Target (ASE) ST Introduction (ASE_INT.1)
Conformance Claims (ASE_CCL.1)
Security Objectives (ASE_OBJ.2)
Extended Components Definition (ASE_ECD.1)
Derived Security Requirements (ASE_REQ.2)
Security Problem Definition (ASE_SPD.1)
TOE Summary Specification (ASE_TSS.1)
Development (ADV) Security-enforcing functional specification (ADV_FSP.1)
Guidance Documents (AGD) Operational User Guidance (AGD_OPE.1)
Preparative Procedures (AGD_PRE.1)
8/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
Lifecycle support (ALC) Use of a CM system (ALC_CMC.1)
Parts of the TOE CM coverage (ALC_CMS.1)
Delivery procedures (ALC_TSU_EXT.1)
Tests (ATE) Independent Testing - sample (ATE_IND.1)
Vulnerability evaluation (AVA) Vulnerability Analysis (AVA_VAN.1)
SECURITY FUNCTIONAL REQUIREMENTS
The Windows 11 editions satisfy functional requirements according to the Common Criteria version
3.1 release 5, [GPOSPP], [WLAN_Client_Module], [VPN_Client_Module] and [Bluetooth_Module].
TOE Security Functional Requirements for GP OS PP
Requirement Class Requirement Component
Security Audit
(FAU)
Audit Data Generation (FAU_GEN.1)
Cryptographic
Support (FCS)
Cryptographic Key Generation for (FCS_CKM.1)
Cryptographic Key Establishment (FCS_CKM.2)
Cryptographic Key Destruction (FCS_CKM_EXT.4)
Cryptographic Operation for Data Encryption/Decryption
(FCS_COP.1/ENCRYPT)
Cryptographic Operation for Hashing (FCS_COP.1/HASH)
Cryptographic Operation for Signing (FCS_COP.1/SIGN)
Cryptographic Operation for Keyed Hash Algorithms
(FCS_COP.1/KEYHMAC)
Random Bit Generation (FCS_RBG_EXT.1)
Storage of Sensitive Data (FCS_STO_EXT.1)
User Data
Protection (FDP)
Access Controls for Protecting User Data (FDP_ACF_EXT.1)
Information Flow Control (FDP_IFC_EXT.1)
Identification &
Authentication
(FIA)
Authorization Failure Handling (FIA_AFL.1)
Multiple Authentication Mechanisms (FIA_UAU.5)
X.509 Certification Validation (FIA_X509_EXT.1)
X.509 Certificate Authentication (FIA_X509_EXT.2)
Security
Management (FMT)
Management of Security Functions Behavior (FMT_MOF_EXT.1)
Specification of Management Functions for OS (FMT_SMF_EXT.1)
Protection of the
TSF (FPT)
Access Controls (FPT_ACF_EXT.1)
Address Space Layout Randomization (FPT_ASLR_EXT.1)
Limitation of Bluetooth Profile Support (FPT_BLT_EXT.1)
Buffer Overflow Protection (FPT_SBOP_EXT.1)
9/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
Software Restriction Policies (FPT_SRP_EXT.1)
Boot Integrity (FPT_TST_EXT.1)
Trusted Update (FPT_TUD_EXT.1)
Trusted Update for Application Software (FPT_TUD_EXT.2)
TOE Access (FTA) Default TOE Access Banners (FTA_TAB.1)
Trusted
Path/Channels
(FTP)
Trusted Path (FTP_TRP.1)
Trusted Channel Communication (FTP_ITC_EXT.1)
TOE Security Functional Requirements for WLAN Client Module
Requirement Class Requirement Component
Security Audit
(FAU)
Audit Data Generation for Wireless LAN (FAU_GEN.1 (WLAN))
Cryptographic
Support (FCS)
Cryptographic Key Generation for Symmetric Keys for
WPA2/WPA3Connections (FCS_CKM.1(WPA))
Cryptographic Key Distribution for Symmetric Keys for
WPA2/WPA3Connections (FCS_CKM.2(WLAN))
Extensible Authentication Protocol-Transport Layer Security
(FCS_TLSC_EXT.1(WLAN))
TLS Client Support for Supported Groups Extension (EAP-TLS for WLAN)
(FCS_TLSC_EXT.2(WLAN))
Supported WPA Versions (FCS_WPA_EXT.1)
Identification &
Authentication
(FIA)
Port Access Entity Authentication (FIA_PAE_EXT.1)
X.509 Certificate Validation (FIA_X509_EXT.1(WLAN))
X.509 Certificate Authentication EAP-TLS for WLAN
(FIA_X509_EXT.2(WLAN))
Certificate Storage and Management (FIA_X509_EXT.6)
Security
Management (FMT)
Specification of Management Functions for Wi-Fi (FMT_SMF.1(WLAN))
Protection of the
TSF (FPT)
TSF Cryptographic Functionality Testing (FPT_TST_EXT.3 (WLAN))
TOE Access (FTA) Wireless Network Access (FTA_WSE_EXT.1)
Trusted
Path/Channels
(FTP)
Trusted Channel Communication (FTP_ITC_EXT.1 (WLAN))
10/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
TOE Security Functional Requirements for VPN Client Module
Requirement Class Requirement Component
Security Audit
(FAU)
Audit Data Generation (FAU_GEN.1(VPN))
Selective Audit (FAU_SEL.1)
Cryptographic
Support (FCS)
Cryptographic Key Generation (FCS_CKM.1 (VPN))
Cryptographic Key Storage (FCS_CKM_EXT.2)
EAP-TLS (FCS_EAP_EXT.1)
IPsec (FCS_IPSEC_EXT.1)
User Data
Protection (FDP)
Split Tunnel Prevention (FDP_VPN_EXT.1)
Full Residual Information Protection (FDP_RIP.2)
Identification &
Authentication
(FIA)
Pre-Shared Key Composition (FIA_PSK_EXT.1)
Generated Pre-Shared Keys (FIA_PSK_EXT.2)
X.509 Certificate Use and Management (FIA_X509_EXT.3)
Security
Management (FMT)
Specification of Management Functions for VPN (FMT_SMF.1(VPN))
Protection of the
TSF (FPT)
Self-Test for IPsec (FPT_TST_EXT.1 (VPN))
Trusted
Path/Channels
(FTP)
Inter-TSF Trusted Channel (FTP_ITC.1(VPN))
TOE Security Functional Requirements for PP-Module for Bluetooth
Requirement Class Requirement Component
Security Audit
(FAU)
Audit Data Generation (FAU_GEN.1(BT))
Cryptographic
Support (FCS)
Bluetooth Key Generation (FCS_CKM_EXT.8)
Identification &
Authentication
(FIA)
Bluetooth User Authorization (FIA_BLT_EXT.1)
Bluetooth Mutual Authentication (FIA_BLT_EXT.2)
Rejection of Duplicate Bluetooth Connections (FIA_BLT_EXT.3)
Secure Simple Pairing (FIA_BLT_EXT.4)
Trusted Bluetooth Device User Authorization (FIA_BLT_EXT.6)
Untrusted Bluetooth Device User Authorization (FIA_BLT_EXT.7)
Security
Management (FMT)
Management of Security Functions Behavior for Bluetooth
(FMT_MOF_EXT.1(BT))
Specification of Management Functions for VPN (FMT_SMF_EXT.1(BT))
Trusted Bluetooth Encryption (FTP_BLT_EXT.1)
11/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
Path/Channels
(FTP)
Persistence of Bluetooth Encryption (FTP_BLT_EXT.2)
Bluetooth Encryption Parameters (BR/EDR) (FTP_BLT_EXT.3(BR))
Bluetooth Encryption Parameters (LE) (FTP_BLT_EXT.3(LE))
TOE Security Functional Requirements for Functional Package for Transport Layer Security (TLS)
Requirement Class Requirement Component
Cryptographic
Support (FCS)
TLS Protocol (FCS_TLS_EXT.1)
TLS Client Protocol (FCS_TLSC_EXT.1)
TLS Client Support for Mutual Authentication (FCS_TLSC_EXT.2)
TLS Client Support Downgrade Protection (FCS_TLSC_EXT.3)
TLS Client Support for Renegotiation (FCS_TLSC_EXT.4)
TLS Client Support for Session Resumption (FCS_TLSC_EXT.5)
TLS Client 1.3 Resumption Refinements (FCS_TLSC_EXT.6)
TLS Server Protocol (FCS_TLSS_EXT.1)
TLS Server Support for Mutual Authentication (FCS_TLSS_EXT.2)
TLS Server Support Downgrade Protection (FCS_TLSS_EXT.3)
TLS Server Support for Session Resumption (FCS_TLSS_EXT.5)
TLS Server TLS 1.3 Resumption Refinements (FCS_TLSS_EXT.6)
DTLS Client Protocol (FCS_DTLSC_EXT.1)
DTLS Client Support for Mutual Authentication (FCS_DTLSC_EXT.2)
DTLS Client Downgrade Protection (FCS_DTLSC_EXT.3)
[D]TLS Client Support for Renegotiation (FCS_DTLSC_EXT.4)
DTLS Client Support for Session Resumption (FCS_DTLSC_EXT.5)
DTLS Server Protocol (FCS_DTLSS_EXT.1)
DTLS Server Support for Mutual Authentication (FCS_DTLSS_EXT.2)
DTLS Server Downgrade Protection (FCS_DTLSS_EXT.3)
DTLS Server Support for Session Resumption (FCS_DTLSS_EXT.5)
IDENTIFICATION
Product: Microsoft Windows 11 (versions 24H2 and 23H2), Microsoft Windows Server 2025,
Microsoft Azure Stack HCI (versions 24H2, 23H2)
Security Target: Microsoft Windows 11 (24H2, 23H2), Windows Server 2025 and Azure local (24H2,
23H2) Security Target, version 0.02, July 2, 2025.
Protection Profile: [GPOSPP43]
Evaluation Level: In conformance with [GPOSPP43]
12/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
SECURITY POLICIES
There are no Organizational Security Policies for the protection profile or the protection profile
modules.
ASSUMPTIONS AND OPERATIONAL ENVIRONMENT
The following assumptions are constraints to the conditions used to assure the security properties
and functionalities compiled by the security target. These assumptions have been applied during
the evaluation in order to determine if the identified vulnerabilities can be exploited.
In order to assure the secure use of the TOE, it is necessary to start from these assumptions for its
operational environment. If this is not possible and any of them could not be assumed, it would not
be possible to assure the secure operation of the TOE.
The detail of these assumptions is documented in the Security Target, section 3.3 (“Secure Usage
Assumptions”).
CLARIFICATIONS ON NON-COVERED THREATS
The threats detailed in [ST], chapter 3.1 (“Threats to security”) do not suppose a risk for the TOE,
based on conformance to [GPOSPP], [WLAN_Client_Module], [VPN_Client_Module],
[Bluetooth_Module] and [Functional_Package_TLS].
For any other threat not included in the [ST], the evaluation results of the product security
properties and the associated certificate, do not guarantee any resistance.
OPERATIONAL ENVIRONMENT FUNCTIONALITY
The product requires the cooperation from its operational environment to fulfil some of the
objectives of the defined security problem.
The security objectives declared for the TOE operational environment are those defined in the
Protection Profile and they are documented in the Security Target, section 4.2 (“Security Objectives
for the operational Environment”).
ARCHITECTURE
LOGICAL ARCHITECTURE
Conceptually the Windows TOE can be thought of as a collection of the following security services
which the security target describes with increasing detail:
• Security Audit
13/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
• Cryptographic Support
• User Data Protection
• Identification and Authentication
• Security Management
• Protection of the TOE Security Functions
• Access to the TOE
• Trusted Path and Channels
These services are primarily provided by Windows components:
• The Boot Manager, which is invoked by the computer’s bootstrapping code.
• The Windows Loader which loads the operating system into the computer’s memory.
• Windows OS Resume which reloads an image of the executing operating system from a
hibernation file as part of resuming from a hibernated state.
• The Windows Kernel which contains device drivers for the Windows NT File System, full
volume encryption, the crash dump filter, and the kernel-mode cryptographic library.
• The IPv4 / IPv6 network stack in the kernel.
• The IPsec module in user-mode.
• The IKE and AuthIP Keying Modules service which hosts the IKE and Authenticated Internet
Protocol (AuthIP) keying modules. These keying modules are used for authentication and
key exchange in Internet Protocol security (IPsec).
• The Remote Access Service device driver in the kernel, which is used primarily for ad hoc or
user-defined VPN connections; known as the “RAS IPsec VPN” or “RAS VPN”.
• The IPsec Policy Agent service which enforces IPsec policies.
• The Key Isolation Service which protects secret and private keys.
• The Local Security Authority Subsystem which identifies and authenticates users prior to log
on and generates events for the security audit log.
• FIPS-Approved cryptographic algorithms to protect user and system data.
• Local and remote administrative interfaces for security management.
• Windows Explorer which can be used to manage the OS and check the integrity of Windows
files and updates.
• The Windows Trusted Installer which installs updates to the Windows operating system.
PHYSICAL ARCHITECTURE
Each instance of the general-purpose OS TOE runs on a tablet, convertible, workstation or server
computer. The TOE executes on processors from Intel (x64) or AMD (x64) along with peripherals for
input/output (keyboard, mouse, display, and network). The TOE was tested on the physical and
virtual computer platforms listed in the Security Target, in the section 1.4.2.2. The TOE does not
include any hardware or network infrastructure components between the computers that comprise
14/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
the distributed TOE. The security target assumes that any network connections, equipment,
peripherals and cables are appropriately protected in the TOE security environment.
DOCUMENTS
The product includes the following documents that shall be distributed and made available
together to the users of the evaluated version.
• Operational and Administrative Guidance version 9.0, September 12, 2025 (along with all
the documents web resources referenced therein).
o Hash SHA-256: 886F346A26998E9D11F1D8F0A6B537E466C944358A51A02D9B5956BC77F0D224
PRODUCT TESTING
The tests performed by the evaluator are based on the assurance activities defined for the ATE
activity in the [GPOSPP], [WLAN_Client_Module], [VPN_Client_Module], [Bluetooth_Module] and
[Functional_Package_TLS] for each SFR that is included in the [ST].
The evaluator has performed an installation and configuration of the TOEs and their operational
environment following the steps included in the installation and operation manual. The TOE
configuration used to execute the independent tests is consistent with the evaluated configuration
according to security target [ST].
The independent testing has covered 100% of SFRs of the [ST] and assurance activities defined in
the [GPOSPP], [WLAN_Client_Module], [VPN_Client_Module], [Bluetooth_Module] and
[Functional_Package_TLS] for each SFR. There has not been any deviation from the expected results
under the environment defined in security target [ST].
EVALUATED CONFIGURATION
The software and hardware requirements, as well as the referenced options are indicated below.
Therefore, for the operation of the product Microsoft Windows 11 (versions 24H2 and 23H2),
Microsoft Windows Server 2025, Microsoft Azure Stack HCI (versions 24H2, 23H2) it is necessary
the disposition of the following software components:
The Windows TOE is a series of products which includes:
• Four product variants for Windows 11 version 24H2 (build 10.0.26100.1):
o Microsoft Windows 11 Enterprise edition
o Microsoft Windows 11 version 24H2 Pro edition
o Microsoft Windows 11 version 24H2 Education edition
o Microsoft Windows 11 version 24H2 IoT Enterprise edition
• One product variant for Windows 11 version 23H2 (build 10.0.22631.2428):
o Microsoft Windows 11 Enterprise edition
15/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
• Three variants of Windows Server 2025 (build 10.0. 26100.1)
o Microsoft Windows Server 2025 Standard edition
o Microsoft Windows Server 2025 Datacenter edition
o Microsoft Windows Server 2025 Datacenter: Azure edition
• Two product variants for the Windows Server Azure product line:
o Microsoft Azure Local version 24H2 (build 10.0. 26100.1)
o Microsoft Azure Local version 23H2 (build 10.0.25398.469)
The TOE was tested on the following physical and virtual computer platforms:
• Microsoft Surface Laptop 6
• Microsoft Surface Pro 10
• Microsoft Surface Pro 11th edition (ARM)
• Microsoft Surface Laptop Go 3
• Microsoft Surface Go 4
• Microsoft Surface Laptop Studio 2
• HP EliteBook 840 14-inch G11 Notebook PCHP Elite x360 830 13-inch G11 2-in-1 Notebook
PC
• Dell Precision 3490
• Dell Latitude 5550
• Dell PowerEdge R640
• Dell PowerEdge R760
• Microsoft Windows Server 2025 Hyper-V
The next list summarizes the combination between hardware platforms and operating system
editions used for the testing:
• Microsoft Surface Laptop 6 with Microsoft Windows 11 Enterprise edition (build
10.0.26100.1)
• Microsoft Surface Pro 10 with Microsoft Windows 11 Enterprise edition (build
10.0.22631.2428)
• Dell PowerEdge R640 with Microsoft Windows Server 2025 Datacenter edition (build 10.0.
26100.1)
• Dell PowerEdge R760 with Microsoft Azure Local version 24H2 (build 10.0. 26100.1)
• Microsoft Windows Server 2025 Hyper-V with Microsoft Azure Local version 23H2 (build
10.0.25398.469)
• Microsoft Surface Pro 10 with Microsoft Windows 11 version 24H2 Pro edition (build
10.0.26100.1)
• Microsoft Surface Pro 11th edition (ARM) with Microsoft Windows 11 version 24H2 IoT
Enterprise edition (build 10.0.26100.1)
16/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
• Microsoft Surface Laptop Go 3 with Microsoft Windows 11 Enterprise edition (build
10.0.22631.2428)
• Microsoft Surface Go 4 with Microsoft Windows 11 Education edition (build 10.0.26100.1)
• Microsoft Surface Laptop Studio 2 with Microsoft Windows 11 Enterprise edition (build
10.0.26100.1)
• HP EliteBook 840 14-inch G11 Notebook PC with Microsoft Windows 11 version 24H2 Pro
edition (build 10.0.26100.1)
• HP Elite x360 830 13-inch G11 2-in-1 Notebook PC with Microsoft Windows 11 Education
edition (build 10.0.26100.1)
• Dell Precision 3490 with Microsoft Windows 11 version 24H2 IoT Enterprise edition (build
10.0.26100.1)
• Dell Latitude 5550 with Microsoft Windows 11 Enterprise edition (build 10.0.26100.1)
• Dell PowerEdge R760 with Microsoft Windows Server 2025 Standard edition (build 10.0.
26100.1)
• Microsoft Windows Server 2025 Hyper-V with Microsoft Windows Server 2025 Datacenter:
Azure edition (build 10.0. 26100.1)
EVALUATION RESULTS
The product Microsoft Windows 11 (versions 24H2 and 23H2), Microsoft Windows Server 2025,
Microsoft Azure Stack HCI (versions 24H2, 23H2) has been evaluated against the Security Target
Microsoft Windows 11 (24H2, 23H2), Windows Server 2025 and Azure local (24H2, 23H2) Security
Target, version 0.02, July 2, 2025.
All the assurance components required by the evaluation level of [GPOSPP],
[WLAN_Client_Module], [VPN_Client_Module], [Bluetooth_Module] and [Functional_Package_TLS]
have been assigned a “PASS” verdict. Consequently, the laboratory DEKRA Testing and Certification
S.A.U. assigns the “PASS” VERDICT to the whole evaluation due all the evaluator actions are
satisfied for the [GPOSPP], [WLAN_Client_Module], [VPN_Client_Module], [Bluetooth_Module] and
[Functional_Package_TLS] assurance level packages, as defined by the Common Criteria version 3.1
release 5, the [GPOSPP], [WLAN_Client_Module], [VPN_Client_Module], [Bluetooth_Module] ,
[Functional_Package_TLS] and the Common Criteria Evaluation Methodology version 3.1 release 5.
COMMENTS & RECOMMENDATIONS FROM THE EVALUATION TEAM
Next, recommendations regarding the secure usage of the TOE are provided. These have been
collected along the evaluation process and are detailed to be considered when using the product.
• It is mandatory to strictly follow the steps indicated in the installation documentation in
order to download and install the correct version of the TOE in a proper manner.
• The user guidance must be read and understood in order to operate the TOE in an adequate
manner according to the security target.
17/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
CERTIFIER RECOMMENDATIONS
Considering the obtained evidences during the instruction of the certification request of the
product Microsoft Windows 11 (versions 24H2 and 23H2), Microsoft Windows Server 2025,
Microsoft Azure Stack HCI (versions 24H2, 23H2), a positive resolution is proposed.
GLOSSARY
CCN Centro Criptológico Nacional
CNI Centro Nacional de Inteligencia
EAL Evaluation Assurance Level
ETR Evaluation Technical Report
OC Organismo de Certificación
TOE Target of Evaluation
ST Security Target
OE Operational Environment
BIBLIOGRAPHY
The following standards and documents have been used for the evaluation of the product:
[CC_P1] Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and
general model, November 2022, CC:2022, Revision 1
[CC_P2] Common Criteria for Information Technology Security Evaluation, Part 2: Security
functional components, November 2022, CC:2022, Revision 1
[CC_P3] Common Criteria for Information Technology Security Evaluation, Part 3: Security
assurance components, November 2022, CC:2022, Revision 1
[CC_P4] Common Criteria for Information Technology Security Evaluation, Part 4: Framework for
the specification of evaluation methods and activities, November 2022, CC:2022, Revision 1
[CC_P5] Common Criteria for Information Technology Security Evaluation, Part 5: Pre-defined
packages of security requirements, November 2022, CC:2022, Revision 1
[CEM] Common Methodology for Information Technology Security Evaluation, Evaluation
methodology, April 2017, November 2022, CC:2022, Revision 1
[CCAdd] CC and CEM addenda. Exact Conformance, Selection-Based SFRs, Optional SFRs, version
0.5, May 2017.
[GPOSPP43] NIAP - Protection Profile for General Purpose Operating Systems, Version: 4.3,
September 27, 2022 [GPOSPP43] and NIAP Technical Decisions (TDs).
18/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
[PPMWLAN10] NIAP - PP-Module for Wireless Local Area Network (WLAN) Clients, Version 1.0,
March 31, 2022
[PPMVPN24] NIAP - PP Module for Virtual Private Network (VPN) Clients, Version 2.4, March 31,
2022
[PPMBLT10] NIAP - PP Module for Bluetooth, Version 1.0, April 15, 2021
[PPMTLS20] NIAP ‐ Functional Package for Transport Layer Security (TLS) Version 2.0, December
19, 2022
[ST002] Microsoft Windows 11 (24H2, 23H2), Windows Server 2025 and Azure local (24H2, 23H2)
Security Target, version 0.02, July 2, 2025.
[OPE_250912] Operational and Administrative Guidance Microsoft Windows 11 (versions 24H2,
23H2), Microsoft Windows Server 2025 Microsoft Azure Local (versions 24H2, 23H2), version 9.0,
September 12, 2025.
SECURITY TARGET / SECURITY TARGET LITE (IF APPLICABLE)
Along with this certification report, the complete security target of the evaluation is stored and
protected in the Certification Body premises. This document is identified as:
- Microsoft Windows 11 (24H2, 23H2), Windows Server 2025 and Azure local (24H2, 23H2)
Security Target, version 0.02, July 2, 2025.
19/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
RECOGNITION AGREEMENTS
In order to avoid multiple certifications of the same product in different countries a mutual
recognition of IT security certificates - as far as such certificates are based on ITSEC or CC - under
certain conditions was agreed.
European Recognition of ITSEC/CC – Certificates (SOGIS-MRA)
The SOGIS-Mutual Recognition Agreement (SOGIS-MRA) Version 3 became effective in April 2010. It
defines the recognition of certificates for IT-Products at a basic recognition level and, in addition, at
higher recognition levels for IT-Products related to certain SOGIS Technical Domains only.
The basic recognition level includes Common Criteria (CC) Evaluation Assurance Levels EAL 1 to EAL
4 and ITSEC Evaluation Assurance Levels E1 to E3 (basic). For "Smartcards and similar devices" a
SOGIS Technical Domain is in place. For "HW Devices with Security Boxes" a SOGIS Technical
Domains is in place, too. In addition, certificates issued for Protection Profiles based on Common
Criteria are part of the recognition agreement.
The new agreement has been signed by the national bodies of Austria, Finland, France, Germany,
Italy, The Netherlands, Norway, Spain, Sweden and the United Kingdom. The current list of
signatory nations and approved certification schemes, details on recognition, and the history of the
agreement can be seen on the website at https://www.sogis.eu.
The SOGIS-MRA logo printed on the certificate indicates that it is recognised under the terms of this
agreement by the nations listed above.
The certificate of this TOE is recognized under SOGIS-MRA for all assurance components selected.
International Recognition of CC – Certificates (CCRA)
The international arrangement on the mutual recognition of certificates based on the CC (Common
Criteria Recognition Arrangement, CCRA-2014) has been ratified on 08 September 2014. It covers
CC certificates based on collaborative Protection Profiles (cPP) (exact use), CC certificates based on
assurance components up to and including EAL 2 or the assurance family Flaw Remediation
(ALC_FLR) and CC certificates for Protection Profiles and for collaborative Protection Profiles (cPP).
The CCRA-2014 replaces the old CCRA signed in May 2000 (CCRA-2000). Certificates based on CCRA-
2000, issued before 08 September 2014 are still under recognition according to the rules of CCRA-
2000. For on 08 September 2014 ongoing certification procedures and for Assurance Continuity
20/20
https://oc.ccn.cni.es
organismo.certificacion@cni.es
(maintenance and re-certification) of old certificates a transition period on the recognition of
certificates according to the rules of CCRA-2000 (i.e. assurance components up to and including EAL
4 or the assurance family Flaw Remediation (ALC_FLR)) is defined until 08 September 2017.
As of September 2014, the signatories of the new CCRA-2014 are government representatives from
the following nations: Australia, Austria, Canada, Czech Republic, Denmark, Finland, France,
Germany, Greece, Hungary, India, Israel, Italy, Japan, Malaysia, The Netherlands, New Zealand,
Norway, Pakistan, Republic of Korea, Singapore, Spain, Sweden, Turkey, United Kingdom, and the
United States.
The current list of signatory nations and approved certification schemes can be seen on the
website: http://www.commoncriteriaportal.org.
The Common Criteria Recognition Arrangement logo printed on the certificate indicates that this
certification is recognised under the terms of this agreement by the nations listed above.
The certificate of this TOE is recognized under CCRA for all assurance components selected.