Last year Microsoft have submitted Forefront Threat Management Gateway (TMG) 2010 to Common Criteria certification.
The Common Criteria process is evaluated by BSI, a German Federal office for Information Security. This is one of many proves that TMG 2010 can be safely put on the edge of any network, providing the most secure user and company experience. As long as the firewall admin does not messes with the configuration. If you’re not an ISA/TMG admin, you may ask how?
Well, most of not ISA/TMG admins think and use ISA/TMG firewall machine as a workstation, surfing web from there, sharing folder (make it acting as a file server) or like a “normal” server, installing other server services on it, like Microsoft IIS (Internet Information Services).
Keep in mind a firewall is a firewall and should be treated as such! It is not different when using ISA/TMG firewall.
That said, here is the link for TMG Common Criteria document. Enjoy your TMG EAL4+ certified firewall!