NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Aruba Networks ClearPass Policy Manager

Certificate Date:  2018.01.17

Validation Report Number:  CCEVS-VR-VID10814-2018

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0
  Extended Package for Authentication Servers Version 1.0

CC Testing Lab:  Gossamer Security Solutions

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Aruba ClearPass Policy Manager 6.6.8 TOE provides role- and device-based network access control across any wired, wireless and VPN infrastructure. ClearPass implements RADIUS services, as well as profiling, onboarding, guest access, and health checks facilitating centralized management of network access policies.

Evaluated Configuration

The TOE is the Aruba Networks ClearPass Policy Manager version 6.6.8 running on one of the following appliances: CP-HW-500 (JW770A), CP-HW-5K (JX921A), or CP-HW-25K (JX920A).

The ClearPass Policy Manager is a hardware network appliance and is designed to support a wide range of network, wireless and security protocols to support a wide range of clients. The evaluation is limited to the hardware network appliances and the secure communication protocols specifically identified below.

There are three versions of the ClearPass Policy Manager designed to support 500, 5000, or 25000 client devices. Each is deployed on a different commodity hardware platform that differ in CPU performance (e.g., number of cores), available memory, disk performance and storage capacity, and power consumption/supply.

·         CP-HW-500: UNICOM Engineering S-1200 R4

o    Intel Atom C2758 CPU (64-bit, 8-cores, 2.4Ghz)

o    8GB memory/ 1TB SATA hard disk

o    7 RJ-45 GbE LAN ports

·         CP-HW-5K: HPE DL20 Gen9

o    Intel Xeon E3-1240v5 CPU (64-bit, 4-cores/8-threads, 3.5Ghz)

o    16GB memory/RAID 1 with two 1TB SATA disk drives

o    1Gb 332i Ethernet Adapter 2 Ports per controller

·         CP-HW-25K: HPE DL360 Gen9

o    Two Intel Xeon E5-2620v3 CPUs (64-bit, 6-cores/12-threads, 2.4Ghz)

o    64GB memory/RAID 10 with six 600GB SAS disk drives

o    1Gb 331i Ethernet Adapter 4 Ports per controller

Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012.  Gossamer Security Solutions determined that the evaluation assurance level (EAL) for the TOE is EAL 1.  The product, when delivered and configured as identified in the Common Criteria Configuration Guidance Aruba ClearPass Policy Manager 6.6.8, Version 1.2, December 2017 (Admin Guide) document, satisfies all the security functional requirements stated in the Aruba Networks ClearPass Policy Manager (NDcPP10/AuthSrvEP10) Security Target, Version 1.0, 1/16/2018 (ST).  The project underwent CCEVS Validator review.  The evaluation was completed in January 2018.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10814-2018) prepared by CCEVS.

Environmental Strengths

The logical boundaries of the Aruba Networks ClearPass Policy Manager version 6.6.8 are realized in the security functions that it implements. Each of these security functions is summarized below.

Security Audit

The TOE is able to generate logs for a wide range of security relevant events. The TOE can be configured to store the logs locally so they can be accessed by an administrator or alternately to send the logs to a designated syslog server.


The TOE includes an Aruba Linux Cryptographic Module that provides key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols including IPsec, SSH, and TLS/HTTPS.

Cryptographic support:

The TOE supports a wide variety of network access control functions. While implementing its network access control functions, the TOE ensures that it doesn’t inadvertently reuse network or management data. This is accomplished primarily by clearing and zero-padding of memory structures and packet buffers when allocated.

Identification and authentication:

The TOE requires administrators to be identified and authenticated before they can use functions mediated by the TOE.  Administrators can be defined locally with user names and passwords or can alternately be defined in the context of local RADIUS services. Regardless, of how the administrator is defined, they have to provide the proper user credentials when logging in to establish a session and perform security management functions.

Note that the TOE performs network access control functions that are initiated by the TOE based on its configuration (e.g., to monitor network activity or scan network entities) or may be initiated outside the TOE (e.g., to request user authentication – RADIUS– services).  Many of these functions do not require user identification or authentication, but they also do not yield any capability to perform security management functions on the TOE.

Security management:

The TOE provides Command Line (CLI) commands (locally via a serial console or remotely via SSH) and a Web-based Graphical User Interface (Web GUI) to access the available functions to manage the TOE security functions and network access control functions. Security management commands are limited to authorized users (i.e., administrators) only after they have been correctly identified and authenticated. The security management functions are controlled through the use of Admin Privileges that can be assigned to TOE users.

Protection of the TSF:

The TOE implements a number of features to protect itself and ensure the reliability and integrity of its security features.

It protects sensitive data such as stored passwords and private cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for audit records).

The TOE includes functions to perform self-tests so that it might detect when it is failing. It also includes mechanisms so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.

TOE Access

The TOE can be configured to display an informative banner when an administrator establishes an interactive session and subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session (local or remote) will be terminated.

Trusted path/channels:

The TOE protects interactive communication with administrators using a console and SSHv2 for CLI access and TLS/HTTPS for WebGUI access. In each case, both the integrity and disclosure protection is ensured via the secure protocol. If the negotiation of a secure session fails or if the user cannot be authenticated for remote administration, the attempted session will not be established.

The TOE protects communication with network peers, such as a syslog server, using IPsec connections to prevent unintended disclosure or modification of logs.

Vendor Information

Aruba Networks Inc
Steve Weingart
Site Map              Contact Us              Home