Product Type:
Network and Network Related Devices and Systems

Assurance Level: EAL 1+ ALC_FLR.3

CC Scheme: AISEP

Evaluation Facility: stratsec

Developer: Microsoft Pty Ltd.

Vendor:
Microsoft Pty Ltd.
One Microsoft Way,
Redmond, WA 98052, USA  

Contact:
Amy Blumenfield                            
Senior Program Manager Exchange Server Group

Phone: +1 (425) 706-7625

Email: amyblu@microsoft.com

Web:                     http://www.microsoft.com/exchange/2010/en/us/default.aspx

The target of evaluation (TOE) is Microsoft’s Exchange 2010 Enterprise (English) 64-bit (known as Exchange 2010). The TOE is an e-mail and collaboration server that provides secure access to personal and shared data for a variety of clients using various protocols.

The evaluation scope includes the following security functions and features:

• Connection filtering. Protects from unwanted spam or Unsolicited Commercial E-mail (UCE) by blocking messages from specified IP addresses.
• Message filtering. Filters potential spam messages based on Administrator configured SMTP filters, including local and third party block/allow lists.
• Attachment filtering. Provides a mechanism to filter potentially harmful attachments from external networks.
• Transport filtering. Allows the administrator to define mail policies to prevent specific internal and/or external users from emailing each other.
• Access control. Protects mailboxes and public folders from unauthorized access.
• Identification and authentication. Provides identification and authentication mechanism for the Outlook Voice Access functionality in cases where Outlook Voice Access is not secured by the use of the TLS protocol.
• Distribution group restriction. Requires users sending mail to a distribution group to be successfully authenticated and to be authorized.
• Remote device wipe. Provides the ability for an administrator to issue a command to wipe a managed Windows Mobile device in the event that the device may have been compromised.