NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Aruba Remote Access Point Version 6.5.0-FIPS

Certificate Date:  2017.02.26

Validation Report Number:  CCEVS-VR-VID10766-2017

Product Type:    Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for IPsec Virtual Private Network (VPN) Clients Version 1.4

CC Testing Lab:  Leidos Common Criteria Testing Laboratory

Maintenance Release:
CC Certificate [PDF] Security Target [PDF] * Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Product Description

The Target of Evaluation (TOE) is the Aruba Remote Access Point Version 6.5.0-FIPS. 

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.  The product was evaluated at an Evaluated Assurance Level EAL1.  The criteria against which the Aruba Remote Access Point Version 6.5.0-FIPS was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.   The product, when delivered and configured as identified in the Aruba VPN Client Protection Profile, Common Criteria Configuration Guide Version 1.3, November 2016 document, satisfies all of the security functional requirements stated in the Aruba Remote Access Point Version 6.5.0-FIPS Security Target, v1.0, 09 February 2017.    The project underwent CCEVS Validator review.  The evaluation was completed in November 2016.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Cryptographic Support

The TOE is a FIPS certified cryptographic module: the ArubaOS 6.5.0-FIPS (cert #2182).    The cryptographic module only employs FIPS-Approved DRBG, key generation, establishment, zeroization, encryption, digital signature, and hashing algorithms as specified by the FCS requirements.

User Data Protection

The TOE ensures that any data packets passing through do not inadvertently contain any residual information that might be disclosed inappropriately.

Identification and Authentication

Remote authentication for the TOE is provided by RSA or ECDSA certificate-based RAP provisioning.   The TOE supports Distinguished Name (DN) peer identifiers for certificate-based peer authentication.    The TOE uses X.509v3 certificates as defined by RFC 5280 to support authentication for IPsec sessions.

Security Management

The administrator may configure the TOE via a WebUI or CLI interface on the RAP to specify the IP address of the Aruba Master Controller, loading and managing certificates, and the identification of client credentials to be used for connections in order to establish an IPsec VPN connection.

The TOE is managed by an administrator via the Aruba Master Controller (i.e. the VPN Gateway) to configure the VPN tunnel and all security functions identified in this Security Target.

Protection of the TSF

The TOE provides self-tests to ensure the correct operation of the cryptographic functions and TSF hardware. The TOE verifies the integrity of stored TSF executable code when it is loaded for execution.

The TOE includes mechanisms so that the administrator can determine the TOE version and update the TOE securely using digital signatures and published hashes.

Trusted Path/Channels

The TOE initiates an IPsec tunnel with the remote Aruba Master Controller.

Vendor Information

Aruba, a Hewlett Packard Enterprise company
Steve Weingart
512 319 2480
Site Map              Contact Us              Home