External Security Testing and Accreditation

Aruba invests heavily in independent third-party security testing of its products. While the majority of this testing is relevant to (and required by) government agencies, it has value to all types of users. In some cases, organizations may choose to rely on recognized security testing authorities rather than conducting their own product testing.

Common Criteria

ClearPass was awarded Common Criteria certification under both the Network Device collaborative Protection Profile (NDcPP) and the Authentication Server Extended Package.

FIPS 140-2

The Federal Information Processing Standard (FIPS) 140-2 is a system for testing and certifying cryptographic modules. As part of this testing, a laboratory accredited by the US and Canadian governments examines design documentation, source code, and development practices, in addition to conducting extensive testing of cryptographic functions.

Products that implement FIPS 140-2 validated cryptography are assured to be using cryptography correctly. http://csrc.nist.gov/groups/STM/cmvp/standards.html

When operating in FIPS mode, ClearPass Policy Manager, Guest and Onboard are FIPS 140-2 compliant because they incorporate a FIPS-validated module, which provides all cryptography functions for the application. ClearPass incorporates the Aruba Linux Cryptographic Module, which implements full and approved cryptographic algorithm support, including Suite B algorithm compliance, for Aruba products. It provides secure key management, data integrity, data at rest encryption, and secure communications.

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2577

Suite B cryptographic support

ClearPass Policy Manager and RADIUS server include Suite B cryptographic support.

Suite B cryptographic algorithms are specified by the National Institute of Standards and Technology (NIST) and are used by NSA's Information Assurance Directorate in solutions approved for protecting National Security Systems (NSS). Suite B includes cryptographic algorithms for encryption, key exchange, digital signature, and hashing.

| Algorithm | Function | Specification |
|---|---|---|
| Advanced Encryption Standard (AES) | Encryption | FIPS Pub 197 |
| Elliptic Curve Diffie-Hellman (ECDH) | Key Exchange | NIST SP 800-56A |
| Elliptic Curve Digital Signature Algorithm (ECDSA) | Digital Signature | FIPS Pub 186-4 |
| Secure Hash Algorithm (SHA) | Hashing | FIPS Pub 180-4 |
