What is C2 certification and what does it mean?

The C2 certification is one level in the Trusted Computer System Evaluation Criteria (the orange book), one of a series of guides on computer security. The TCSEC described levels of security for computing devices. The thought was that with these levels, these devices could be tested, and the classifications used to help people (primarily the government and government contractors) in their purchasing decision. The levels were often written into purchasing specifications. Each level specifies areas that must be met in order to qualify, and vendors submit their equipment to third parties for testing against the criteria -? which takes time. To configure Windows NT 4.0 to meet the C2 criteria, you can use the checklist published here.

TCSEC was developed in the 1980?s in the U.S. One European criteria, Information Technology Security Evaluation Criteria (ITSEC), was developed in the 1990?s. More recently, a newer, international certification ?Common Criteria? seeks to make one evaluation system that all countries can follow. Common Criteria has replaced TCSCEC, and all current product evaluations are taking place at these levels, not at the older C2 level. You can read a short description of this process as it concerns Windows 2000 here and get into the details of Common Criteria at www.commoncriteria.org.

Download this free guide

72-Page PDF: Windows 10 Frequently Asked Questions

In this comprehensive guide, our experts answer the most frequently asked Windows 10 questions ranging from the OS itself, to migration, to user-adoption, and everything in between.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The older TCSEC certifications are still valuable. But, either way, it is important to remember that all the certiications say is that a certain system is certified if configured as it was for the test. It's up to you to determine what that means, and if it will be relevant in your situation, and not just listen to the vendor claims.