Home    About us    Contact    Press    Legal Notice    Privacy Policy   
 Hardware & Software Evaluation 
Evaluation Body for IT Security
Microsoft Corp.  

Microsoft Exchange Server 2007 EE SP2 Common Criteria Certification (BSI-DSZ-CC-0436-2009)

Microsoft Exchange Server 2007 Enterprise Edition SP2 has passed Common Criteria Evaluation Assurance Level 4+ (EAL 4+).

The certification work has been performed by the Federal Office for Information Security (BSI), the Common Criteria certification body of the German government and TÜViT Evaluation Body for IT security which evaluates products worldwide according to the ITSEC and the Common Criteria (CC).

Microsoft Exchange Server 2007 EE SP2 certification report is available for reading from the BSI website and from this page.

This site contains information and downloads for the certified version. It provides links to the Security Target which lists the security and assurance claims certified by the evaluation, to additional guidance documentation and other required files.

Steps in order to ensure the integrity of Exchange Server 2007 EE SP2

Please perform the following steps in order to ensure the integrity of your downloads from this website:

  1. Download the FCIV tool [1] from Microsoft. The SHA1 value of this download is
    99fb35d97a5ee0df703f0cdd02f2d787d6741f65 (hex)
    and shall be verified before executing the download. This can be done using any tool capable of calculating SHA-1 values. While running the file you have to enter a destination folder where the FCIV executable should be extracted to.
  2. Download the
    • Integrity Check Validation Data [2],
    • CC Guidance Addendum [3],
    • Exchange Server 2007 Guidance [4], and
    • Exchange Server 2007 SP2 [5]
    to the directory where FCIV Tool has been extracted.
  3. Extract the Integrity Check Validation Data archive to the directory where FCIV Tool has been extracted.
  4. Verify that the folder contains the following files:
    • E2K7EN64.xml
    • E2K7SP2EN64.xml
    • integritycheck_ee_ENU.cmd
    • integritycheck_sp2_ENU.cmd
    • fciv.exe
    • E2K7SP2EN64.exe
  5. Insert the Exchange Server DVD that requires validation into the DVD Drive X: (where X: is your DVD-ROM drive)
  6. Open a command window and change to the folder where the validation files are located. Then, type the following to validate Exchange Server 2007:
       integritycheck_ee_ENU.cmd X:
  7. After Exchange Server 2007 DVD has been sucessfully validated type the following to verify the integrity of Exchange Server 2007 SP2:
  8. If the DVD/file cannot be validated as an authentic DVD/file, a message will be displayed, indicating that the DVD/file is not authentic. The integritycheck.log file, listing the failure details, will be created in the folder with the original files.
    If the DVD/file is correctly validated, the following message will be displayed:
       The ... is an authentic <product name>
  9. After the final verification steps have been finished follow the Exchange 2007 CC Guidance Addendum for the installation and configuration of the TOE (Target of Evaluation; for details see Security Target).


[1] FCIV Tool
The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values.
[2] Integrity Check Validation Data
This file contains hash values in form of XML files that can be used to verify the integrity of the product and command files for easier usage.
[3] CC Guidance Addendum
This document provides guidance information to be used with and modifies the guidance documentation specifically for the operation and use of the Common Criteria version.
[4] Exchange Server 2007 Guidance
This is the Exchange Server 2007 helpfile which contains the main documentation.
[5] Exchange Server 2007 SP2
Exchange Server 2007 Service Pack 2 is required to update Exchange 2007 to the evaluated version.
Permalink for this page: https://secure.tuvit.de/?id=exchange2007


Exchange Server 2007 EE SP2

Downloads from TÜVIT website

Integrity Check Validation Data
CC Guidance Addendum
Exchange Server 2007 Guidance

Downloads from Microsoft website

Exchange Server 2007 SP2

Downloads from BSI website

Security Target
Certification Report

© 2010 TÜV Informationstechnik GmbH - Member of TÜV NORD Group