Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
External Security Testing and Accreditation
Aruba invests heavily in independent third-party security testing of its products. While the majority of this testing is relevant to (and required by) government agencies, it has value to all types of users. In some cases, organizations may choose to rely on recognized security testing authorities rather than conducting their own product testing.
Common Criteria
ClearPass was awarded Common Criteria certification under both the Network Device collaborative Protection Profile (NDcPP) and the Authentication Server Extended Package.
FIPS 140-2
The Federal Information Processing Standard (FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies.) 140-2 is a system for testing and certifying cryptographic modules. As part of this testing, a laboratory accredited by the US and Canadian governments examines design documentation, source code, and development practices, in addition to conducting extensive testing of cryptographic functions.
Products that implement FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. 140-2 validated cryptography are assured to be using cryptography correctly. http://csrc.nist.gov/groups/STM/cmvp/standards.html
When operating in FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode, ClearPass Policy Manager, Guest and Onboard are FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. 140-2 compliant because they incorporate a FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies.-validated module, which provides all cryptography functions for the application. ClearPass incorporates the Aruba Linux Cryptographic Module which implements full and approved cryptographic algorithm support, including Suite B algorithm compliance, for Aruba products. It provides secure key management, data integrity, data at rest encryption, and secure communications.
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2577Suite B cryptograph
Suite B cryptographic support
ClearPass Policy Manager and RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. server include Suite B cryptographic support.
Suite B cryptographic algorithms are specified by the National Institute of Standards and Technology (NIST) and are used by NSA's Information Assurance Directorate in solutions approved for protecting National Security Systems (NSS). Suite B includes cryptographic algorithms for encryption, key exchange, digital signature, and hashing.
Algorithm |
Function |
Specification |
---|---|---|
Advanced Encryption Standard (AES) |
Encryption |
FIPS Pub 197 |
Elliptic Curve Diffie-Hellman (ECDH) |
Key Exchange |
NIST SP 800-56A |
Elliptic Curve Digital Signature Algorithm (ECDSA) |
Digital Signature |
FIPS Pub 186-4 |
Secure Hash Algorithm (SHA) |
Hashing |
FIPS Pub 180-4 |