(CU (CU CENTRO CRIPTOLOGICO NACIONAL CERTIFICATE CCN-CC-009/2018 Windows Operating Systems (OS): Microsoft Windows 10 Home Edition (Fall Creators Update) (32-bit version), Microsoft Windows 10 Pro Edition (Fall Creators Update) (64-bit version), Microsoft Windows 10 Enterprise Edition (Fall Creators Update) (64- bit version), Microsoft Windows 10 S Edition (Fall Creators Update), Microsoft Windows Server Standard Core (version 1709) and Microsoft Windows Server Datacenter Core (version 1709) Type of product Operating System Conformance of functionality PP Conformance functionality Protection Profile Conformance NIAP - Protection Profile for General Purpose Operating Systems, Version: 4.1 Evaluation Facility Epoche & Espri S.L.U. Certification Report CCN-CC/2018-04/INF-2341 Expiration date See Certification Report Pursuant to the authority vested in me under Act 11/2002 regulating the National Intelligence Centre, and under Article 1 and Article 2.2.c of Royal Decree 421/2004 of March 12th regulating the National Cryptologic Centre, | hereby: Certify that the security of Windows 10 and Windows Server (Fall Creators Update) TOE build 10.0.16299 (also known as version 1709) and all critical updates as of January 31* 2018, developed by Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052 (United States of America), has been evaluated using the “Common Methodology for Information Technology Security Evaluation”, version 3.1 RS and the “Common Criteria for Information Technology Security Evaluation”, and it has met the requirements of its Security Target identified as “Microsoft Windows 10, Windows Server (Fall Creators Update) Security Target”, version: 0.03, March 23, 2018, with assurance package conform to PP. Madrid, April 20" , 2018 of State Director élix Sanz Roldan This certificate, its scope and validity are subject to the terms, conditions and requirements specified in the ‘ ENAC “Reglamento de Evaluaciön y Certificaciön de la Seguridad de las T.I.C.” at PRE/2740/2007, September 19th. GERTIFICAGION The above-mentioned Security Target and Certification Report are available at the National Cryptologic Centre. The IT product identified in this certificate has been evaluated at an accredited and licensed/approved evaluation facility using the Common Methodology for IT Security Evaluation, version 3.1.R5 and CC Supporting Documents as listed in the Certification Report, for conformance to the Common Criteria for IT Security Evaluation, version 3.1.R5. This certificate applies only to the specific version and release of the product in its evaluated configuration and in conjunction with the complete Certification Report. The evaluation has been conducted in accordance with the provisions of the Spanish IT Security Evaluation and Certification Scheme, PRE/2740/2007 September the 19th, and the conclusions of the evaluation facility in the evaluation technical report are consistent with the evidence adduced. This certificate is not an endorsement of the IT product by the Spanish Scheme or by any other organisation that recognises or gives effect to this certificate, and no warranty of the IT product by the Spanish Scheme or by any other organisation that recognises or gives effect to this certificate, is either expressed or implied.