{"product_id":11548,"v_id":11548,"product_name":"ClearPass Policy Manager 6.11","certification_status":"Certified","certification_date":"2025-04-29T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"HPE Aruba Networking","website":"https://www.arubanetworks.com"},"vendor_poc":"Dean Freeman","vendor_phone":"18048158786","vendor_email":"dean.freeman@hpe.com","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The HPE Aruba Networking ClearPass Policy Manager platform provides role- and device-based network access control for employees, contractors and guests across any wired, wireless and VPN infrastructure. ClearPass implements profiling, onboarding, guest access, and health checks, facilitating centralized management of network access policies. The network services are the focus of this evaluation; other services are not evaluated.</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\">Additional information about the supported network access control capabilities can be found in the ClearPass Policy Manager data sheet (https://www.arubanetworks.com/assets/ds/DS_ClearPass_PolicyManager.pdf); however, for the purposes of this evaluation, ClearPass is treated as a network infrastructure device offering CAVP-tested cryptographic functions, security auditing, secure administration, trusted updates, self-tests, and secure connections to other servers (e.g., to transmit audit records).</p>","evaluation_configuration":"<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">There are four TOE appliance models designed to support different numbers of client devices. 
Each platform differs in CPU performance (e.g., number of cores), available memory, disk performance and storage capacity, and power consumption/supply.</p>\r\n<div align=\"center\">\r\n<table class=\"MsoTableGrid\" style=\"border-collapse: collapse; border: none;\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead>\r\n<tr style=\"height: 13.15pt;\">\r\n<td style=\"width: 103.25pt; border: solid #C0504D 1.0pt; background: #C0504D; padding: 0in 5.4pt 0in 5.4pt;\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\"><a name=\"_Hlk43304619\"></a><strong><span style=\"color: white;\">Appliance Model</span></strong></p>\r\n</td>\r\n<td style=\"width: 243.0pt; border: solid #C0504D 1.0pt; border-left: none; background: #C0504D; padding: 0in 5.4pt 0in 5.4pt;\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong><span style=\"color: white;\">CPU</span></strong></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr style=\"height: .1in;\">\r\n<td style=\"width: 103.25pt; border: solid #C0504D 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">N1000</p>\r\n</td>\r\n<td style=\"width: 243.0pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">Intel Atom C3758R (Denverton)</p>\r\n</td>\r\n</tr>\r\n<tr style=\"height: .1in;\">\r\n<td style=\"width: 103.25pt; border: solid #C0504D 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">N3000</p>\r\n</td>\r\n<td style=\"width: 243.0pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, 
serif;\">AMD EPYC 9124 (EPYC 9004 Series, Zen 4 Genoa)</p>\r\n</td>\r\n</tr>\r\n<tr style=\"height: .1in;\">\r\n<td style=\"width: 103.25pt; border: solid #C0504D 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">N3001</p>\r\n</td>\r\n<td style=\"width: 243.0pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">AMD EPYC 9124 (EPYC 9004 Series, Zen 4 Genoa)</p>\r\n</td>\r\n</tr>\r\n<tr style=\"height: .1in;\">\r\n<td style=\"width: 103.25pt; border: solid #C0504D 1.0pt; border-top: none; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">Cx000V</p>\r\n</td>\r\n<td style=\"width: 243.0pt; border-top: none; border-left: none; border-bottom: solid #C0504D 1.0pt; border-right: solid #C0504D 1.0pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">ESXi 7.0 on Intel Xeon E-2254ML (Coffee Lake)</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>","security_evaluation_summary":"<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.&nbsp; The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.&nbsp; The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. 
The evaluation methodology used by the evaluation team is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.&nbsp; The product, when delivered and configured as identified in the Common Criteria Configuration Guidance HPE Aruba Networking ClearPass Policy Manager 6.11, Version 6.1, April 2025 and ClearPass Policy Manager 6.11.x User Guide, Version 1, March 2025 documents, satisfies all of the security functional requirements stated in the HPE Aruba Networking ClearPass Policy Manager 6.11 Security Target, Version 1.0, April 15, 2025.&nbsp; The project underwent CCEVS Validator review.&nbsp; The evaluation was completed in April 2025.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11548-2025) prepared by CCEVS.</p>","environmental_strengths":"<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\">The logical boundaries of the Aruba ClearPass Policy Manager 6.11 are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">&nbsp;</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Security audit:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE is designed to generate logs for a wide range of security-relevant events. 
The TOE can be configured to store the logs locally, where an administrator can review them, or alternatively to send the logs to a designated syslog server.</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Cryptographic support:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE includes a version of the Hewlett Packard Enterprise OpenSSL Cryptographic Module on Red Hat Enterprise Linux that provides key management, random bit generation, encryption/decryption, digital signature, secure hashing and keyed-hash message authentication (HMAC) features in support of the higher-level cryptographic protocols IPsec, SSH, and TLS/HTTPS.</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Identification and authentication:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE offers no TSF-mediated functions, other than display of a login banner, until the administrator has been identified and authenticated.&nbsp; The TOE authenticates administrative users accessing it via the command-line interface (local serial console or SSH) or the web interface (Web UI) in the same manner, using its own password-based authentication mechanism.&nbsp; The TOE also supports public-key-based authentication of users on the SSH-based CLI and certificate-based authentication for the Web UI.</p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE supports certificate authentication for TLS and IPsec and pre-shared key authentication for IPsec connections.&nbsp; The TOE uses X.509v3 certificates and validates received authentication certificates. 
OCSP is supported for checking the revocation status of X.509v3 certificates during validation.</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Security management:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE provides command-line interface (CLI) commands (locally via a serial console or remotely via SSH) and a web-based user interface (Web UI) for managing the TOE security functions. Security management commands are available only to authorized users (i.e., administrators), and only after they have been correctly identified and authenticated. Security management functions are controlled through Admin Privileges that can be assigned to TOE users.</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Protection of the TSF:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE implements a number of features designed to protect itself and to ensure the reliability and integrity of its security functions.</p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">It protects particularly sensitive data, such as stored passwords and private cryptographic keys, so that it is not accessible even to an administrator. It also provides its own clock so that reliable time information is available (e.g., for audit record timestamps).</p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE runs self-tests so that it can detect when it is failing. 
It also provides a trusted update mechanism that verifies updates before they are applied, so that an update cannot introduce malicious or otherwise unexpected changes to the TOE.</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>TOE access:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE can be configured to display an informative banner when an administrator establishes an interactive session. It then enforces an administrator-defined inactivity timeout, after which an inactive session (local or remote) is terminated.</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Trusted path/channels:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE protects interactive administrator sessions using SSHv2 for remote CLI access and TLS/HTTPS for Web UI access; local CLI access is via the serial console. For each remote interface, the secure protocol provides both integrity and confidentiality protection. 
If the negotiation of a secure session fails or if the user cannot be authenticated for remote administration, the attempted session will not be established.</p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">The TOE protects communication with network peers, such as a syslog server or NTP server, using IPsec connections to prevent unintended disclosure or modification of traffic over the trusted channel.</p>","features":[{"id":3269,"feature_name":"Asymmetric Key Generation"},{"id":3342,"feature_name":"Auditing"},{"id":3272,"feature_name":"Cryptographic Hashing"},{"id":3270,"feature_name":"Cryptographic Key Establishment"},{"id":3271,"feature_name":"Cryptographic Signature Verification"},{"id":3268,"feature_name":"DRBG"},{"id":3341,"feature_name":"Flaw Remediation"},{"id":3273,"feature_name":"Keyed-hash message authentication"},{"id":3267,"feature_name":"SSH Server"}]}