Compliant Product - Aruba Remote Access Points and Aruba Mobility Controllers with ArubaOS 8.10
Certificate Date: 2023.11.20CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11403-2023
Product Type: Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
PP-Module for Virtual Private Network (VPN) Gateways Version 1.2
CC Testing Lab: Lightship Security USA, Inc.
Administrative Guide: COMMON CRITERIA CONFIGURATION GUIDANCE ARUBA OS 8.10 SUPPLEMENTAL GUIDANCE
Administrative Guide: ArubaOS 188.8.131.52 User Guide
Administrative Guide: Aruba 303H Series Hospitality Access Points Installation Guide
Administrative Guide: Aruba 503H Hospitality Access Points Installation Guide
Administrative Guide: Aruba AP-505H Access Points Installation Guide
Administrative Guide: Aruba 7200 Series Controller
Administrative Guide: ARM Messages
Administrative Guide: ArubaOS 8.x Command-Line Interface
Administrative Guide: Aruba 9004 Gateway
The TOE is a distributed network security solution offered by Aruba, a Hewlett Packard Enterprise company and is comprised of Aruba Remote Access Points (RAP) and an Aruba Mobility Controller (each with an embedded ArubaOS). The TOE devices are running ArubaOS 8.10. The Mobility Controller provides VPN gateway functionality for gateway-to-gateway VPN connections. The RAP and Mobility Controller communicate via IPsec.
The distributed TOE aligns with Use Case 3 per CPP_ND_V2.2E where cPP requirements cannot be fulfilled without the Management Component. The Management Component is fulfilled by the Aruba Mobility Controller, and the Network Device Component is fulfilled by Aruba RAPs.
The TOE is deployed in a distributed configuration with the Aruba RAPs providing connectivity for wireless clients in a branch deployment, and the Aruba Mobility Controller serving as a gateway between wired and wireless networks as well as command and control functionality over Aruba RAPs. The physical boundary of the TOE includes the Aruba hardware components listed in the table below and executing the ArubaOS 8.10 software.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when configured as identified in the Common Criteria Configuration Guidance ArubaOS 8.10 Supplemental Guidance (Target of Evaluation: Aruba Remote Access Points with Mobility Controllers running ArubaOS 8.10-FIPS), Version 2.3, November 2023, satisfies all of the security functional requirements stated in the Aruba Remote Access Points and Aruba Mobility Controllers with ArubaOS 8.10 Security Target, v1.6, November 2023. The project underwent CCEVS Validator review. The evaluation was completed in November 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11403-2023) prepared by CCEVS.
The TOE provides the following security functions:
a) Security Audit. The TOE generates logs for security relevant events including startup and shutdown of the TOE and all administrative actions. Logs are stored locally on the Mobility Controller to be accessed by an administrator or can be configured to be sent via syslog to a remote server in the operational environment.
b) Cryptographic Support. The TOE implements key generation, establishment, and other cryptographic services to protect data in transit and at rest within the TOE. In support of cryptographic functions, the TOE implements two cryptographic modules that perform all IPsec/IKE session operations, and functions that support all SSH, HTTPS, and TLS operations. The relevant Cryptographic Algorithm Validation Program (CAVP) certificates have been obtained for the necessary components.
c) Communication. The TOE is a distributed configuration consisting of an Aruba Mobility Controller and Aruba RAPs. The Security Administrator must enable communications between the RAPs and Controller TOE components before any communication can take place. The RAPs must be configured with an appropriate RSA or ECDSA certificate and the IP address of the Aruba Mobility Controller.
d) Identification and Authentication. The TOE implements mechanisms to identify and authenticate administrators to ensure only authorized access to TOE functionality or TSF data is granted. These mechanisms can also be implemented using RADIUS or TACACS+ servers within the operational environment.
e) Security Management. The TOE provides the administrator role with the capability to configure and manage all TOE security functions including cryptographic operations, user accounts, passwords, an advisory banner, session inactivity, and TOE updates. The management functions are restricted to the administrator role which must be assigned to an administrative user or access to these functions will be denied.
f) Packet Filtering. The TOE acts as a VPN gateway – a device at the edge of a private network that terminates an IPsec tunnel, which provides device authentication, confidentiality, and integrity of information traversing a public or untrusted network. The TOE provides packet filtering for gateway-to-gateway VPN connections. Administrators can configure security policies that determine whether to block, allow, or log a session based on traffic attributes such as source and destination port, IP address or service.
g) Protection of the TSF. The TOE implements a variety of protection mechanisms including authentication, self-tests, and reliable timestamping that leverages an internal hardware clock, or synchronization with an NTP server. Passwords are stored on flash using SHA1 hashes and the TOE does not provide an interface that allows for passwords or keys to be read. Confidentiality and integrity are provided for all communications between TOE components via IPsec.
h) TOE Access. The TOE provides session monitoring and management functions for local and remote administrative sessions. A warning banner is displayed at the management interfaces (Web GUI and CLI) to advise users on appropriate use and penalties for misuse of the system.
i) Trusted Path/Channels. The TOE provides secure channels between itself and local/remote administrators, including logging channels to ensure data in transit is protected. IPsec is implemented to provide encrypted channels between Mobility Controllers and third-party trusted IT entities in the operating environment. The TOE also uses IPsec to encrypt communications between TOE components and for all VPN connections. Remote Web UI access is protected with TLS/HTTPS, and CLI access is protected via SSHv2.
Aruba, a Hewlett Packard Enterprise Company