On Nov. 15th 2005, Exchange Server 2003 Service Pack 1 was awarded the Common Criteria Evaluation Assurance Level 4 (EAL 4+) certification, the highest level awarded to a messaging product as defined by the Common Criteria for Information Technology Security Evaluation (CCITSE). The Common Criteria (CC) certification is a globally accepted standard for evaluating the security features and capabilities of information technology products and enables IT consumers to make informed decisions about the security capabilities of IT products. Microsoft submitted Exchange Server 2003 SP1 to the CC certification evaluation process to ensure that customers would have an independent, standard validation of the security features in this product.  Achieving CC certification demonstrates a milestone toward Microsoft's commitment to provide global customers with a secure email infrastructure. 

Exchange Server 2003 customers can use this certification as an independent confirmation of the security and engineering processes that went into the design, development, manufacturing, and servicing of Exchange 2003. In addition, the Exchange 2003 Common Criteria documentation can be used to deploy Exchange 2003 in the same configuration as used during the evaluation. The Common Criteria laboratory, operated by TÜV Informationstechnik GmbH (TUViT), is an independent, accredited evaluator for evaluation under the Common Criteria and validated by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI).
 
For more background please visit:  http://www.microsoft.com/technet/prodtechnol/exchange/2003/e2k3cc.mspx.  

Additional information can be found at http://www.tuvit.de and http://www.bsi.de.