{"product_id":11646,"v_id":11646,"product_name":"HPE Aruba Networking Gateways and Mobility Controllers running software version 8.13.0","certification_status":"Certified","certification_date":"2026-02-13T00:00:00Z","tech_type":"Firewall,Network Device,Remote Access,Wireless LAN","vendor_id":{"name":"HPE Aruba Networking","website":"https://www.arubanetworks.com"},"vendor_poc":"Dean Freeman","vendor_phone":"18048158786","vendor_email":"dean.freeman@hpe.com","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\">The Target of Evaluation (TOE) is HPE Aruba Networking Gateways and Mobility Controllers running software version 8.13.0. The TOE is a multi-purpose network device that includes WLAN access system, and stateful traffic filter firewall capabilities. Note that the terms gateway and mobility controller are used interchangeably.</p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The </span>HPE Aruba Networking<span style=\"font-family: 'Times New Roman', serif;\"> Mobility Controller platform serves as a gateway between wired and wireless networks and provides command and control over Aruba Access Points (APs) within an Aruba dependent wireless network.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The </span>HPE Aruba Networking<span style=\"font-family: 'Times New Roman', serif;\"> Mobility Controllers (MCs) are wireless switch hardware appliances that provide a wide range of security services and features including wireless and wired network mobility, security, centralized management, auditing, authentication, secure remote access, self-verification of integrity and operation, 
and stateful traffic filtering functionality.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 10pt; font-family: Times, serif;\">The ArubaOS is a suite of mobility applications that runs on all Aruba controllers and allows administrators to configure and manage the wireless and mobile user environment. The TOE is generally deployed in a configuration consisting of one or more Aruba mobility controllers (MC) and multiple HPE Aruba Networking wireless APs.</p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; font-size: 10pt; font-family: Times, serif;\">The TOE performs stateful packet filtering on network packets processed by the TOE. &nbsp;Filtering rules may be applied to appliance Ethernet interfaces and to user roles (for wireless clients as described above) to allow fine grained control over network traffic.</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\">In an encrypted WLAN, a wireless client first associates to the Mobility Controller through an AP and then authenticates (IEEE 802.11i<a title=\"\" href=\"#_ftn1\" name=\"_ftnref1\"><span style=\"font-family: 'Times New Roman', serif; vertical-align: super;\"><span style=\"font-family: 'Times New Roman', serif; vertical-align: super;\"><span style=\"font-size: 10.0pt; font-family: Times, serif;\">[1]</span></span></span></a>) using credentials to obtain access to the network. The authenticated wireless client is then assigned a role based on the configuration in the Mobility Controller or the authentication server. 
The role, in turn, maps a set of firewall policies to the client&rsquo;s session such that all wireless client traffic passes through a logical firewall component before traffic is forwarded outside of the Mobility Controller.&nbsp; The client&rsquo;s role can also be used to determine VLAN membership.</p>\r\n<div><br clear=\"all\"><hr align=\"left\" size=\"1\" width=\"33%\">\r\n<div id=\"ftn1\">\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: 'Times New Roman', serif;\"><a title=\"\" href=\"#_ftnref1\" name=\"_ftn1\"><span style=\"font-family: 'Times New Roman', serif; vertical-align: super;\"><span style=\"font-family: 'Times New Roman', serif; vertical-align: super;\"><span style=\"font-size: 10.0pt;\">[1]</span></span></span></a> Implements 802.1X for wireless access points to address the security vulnerabilities found in WEP.</p>\r\n</div>\r\n</div>","evaluation_configuration":"<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE consists of the following components:</span></p>\r\n<ul>\r\n<li style=\"text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\">HPE Aruba Networking Mobility Controllers:&nbsp; 9004, 9012, 9240, 7005, 7008, 7010, 7024, 7030, 7205, 7210, 7220, 7240, 7240XM, 7280</li>\r\n<li style=\"text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">ArubaOS version 8.13.0</span></li>\r\n</ul>","security_evaluation_summary":"<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.&nbsp; The evaluation demonstrated that the TOE<em> </em>meets the security requirements contained in the Security Target.&nbsp; The criteria against which 
the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.&nbsp; The product, when delivered and configured as identified in the HPE Common Criteria Configuration Guidance ArubaOS 8.13.0 Supplemental Guidance, Version 3.0, October 2025 document, satisfies all of the security functional requirements stated in the HPE Aruba Networking Gateways and Mobility Controllers running software version 8.13.0 Security Target, Version 0.6, February 13, 2026.&nbsp; The project underwent CCEVS Validator review.&nbsp; The evaluation was completed in February 2026.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11646-2026) prepared by CCEVS.</p>","environmental_strengths":"<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\">The logical boundaries of the HPE Aruba Networking Gateways and Mobility Controllers running software version 8.13.0 are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p style=\"margin: 0in; font-size: 10pt; font-family: Times, serif;\">&nbsp;</p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Security audit:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE is designed to be able to generate logs for a wide range of security relevant events including start-up and shutdown of the TOE, all administrator actions, and all events identified in Table 8 Auditable Events. 
The TOE can be configured to store the logs locally so they can be accessed by an administrator or alternately to send the logs to a designated syslog server in the operational environment.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Cryptographic support:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE includes cryptographic modules that provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher-level cryptographic protocols including IPsec, SSH, and TLS/HTTPS.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>User data protection:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE ensures that any data packets passing through do not inadvertently contain any residual information that might be disclosed inappropriately.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Firewall:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE performs stateful packet filtering. Filtering rules may be applied to appliance Ethernet interfaces or to user-roles (wireless clients connecting through APs are placed into user-roles). 
Stateful packet filter policies are applied to user-roles to allow fine-grained control over wireless traffic.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Identification and authentication:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE requires administrators to be identified and authenticated before they can access any TOE security functions. The TOE supports role-based authentication, so user accounts are assigned predefined roles which restrict them based on their assigned role.&nbsp; The TOE maintains these administrator and user attributes which can be defined locally with user names and passwords or can be defined in the context of local RADIUS or TACACS+ services.&nbsp; Authentication can be performed either locally or remotely through an external authentication server, or internally.&nbsp; Wireless clients are identified and authenticated by different authentication mechanisms such as 802.1X, etc. After an administrator-specified number of failed attempts, the user account is locked out. 
The TOE&rsquo;s password mechanism provides configuration for a minimum password length.&nbsp; The TOE also protects, stores and allows authorized administrators to load X.509v3 certificates for use to support authentication for IPsec connections.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Security management:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE provides the administrator role the capability to configure and manage all TOE security functions including cryptographic operations, user accounts, passwords, advisory banner, session inactivity and TOE updates.&nbsp; The management functions are restricted to the administrator role. The role must have the appropriate access privileges or access will be denied. The TOE&rsquo;s cryptographic functions ensure that only secure values are accepted for security attributes.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Protection of the TSF:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE has its own internal hardware clock that provides reliable time stamps used for auditing. The internal clock may be synchronized with a time signal obtained from an external trusted NTP server. 
The TOE stores passwords on flash using a SHA1 hash and does not provide any interfaces that allow passwords or keys to be read.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE runs self-tests during power up and periodically during operation to ensure the correct operation of the cryptographic functions and TSF hardware. There is an option for the administrator to verify the integrity of stored TSF executable code.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE includes mechanisms so that the administrator can determine the TOE version and update the TOE securely using digital signatures.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>TOE access:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE allows administrators to configure a period of inactivity for administrator sessions. Once that time period has been reached while the session has no activity, the session is terminated. All users may also terminate their own sessions at any time. 
A warning banner is displayed at the management interfaces (Web GUI and CLI) to advise users on appropriate use and penalty for misuse of the system.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">In order to limit access to the administrative functions, the TOE can be configured to deny WLAN clients based on the time/date, IP address (location), as well as information retained in a blacklist.</span></p>\r\n<p style=\"text-align: justify; margin: 0in; font-size: 10pt; font-family: Times, serif;\"><strong>Trusted path/channels:</strong></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE uses IPsec to provide an encrypted channel between itself and third-party trusted IT entities in the operating environment including external syslog server, external authentication server, and NTP server.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE also provides a protected communication path between itself and wireless users. </span>The TOE protects communication with wireless clients using WPA3 and WPA2 with 802.1X EAP-TLS<span style=\"font-family: 'Times New Roman', serif;\">.</span></p>\r\n<p style=\"margin: 0in 0in 6pt; text-align: justify; line-height: 11pt; font-size: 10pt; font-family: Times, serif;\"><span style=\"font-family: 'Times New Roman', serif;\">The TOE secures remote communication with administrators by implementing TLS/HTTPS for remote Web UI access and SSHv2 for CLI access.&nbsp; In each case, both integrity and disclosure protection are ensured via the secure protocol. 
If the negotiation of a secure session fails or if the user cannot be authenticated for remote administration, the attempted session will not be established.</span></p>","features":[{"id":172,"feature_name":"Asymmetric Key Generation"},{"id":163,"feature_name":"Auditing"},{"id":180,"feature_name":"Certificate Authentication"},{"id":177,"feature_name":"Certificate Validation"},{"id":175,"feature_name":"Cryptographic Hashing"},{"id":174,"feature_name":"Cryptographic Key Establishment"},{"id":167,"feature_name":"EAP-TLS"},{"id":162,"feature_name":"Firewall"},{"id":181,"feature_name":"IKEv1"},{"id":182,"feature_name":"IKEv2"},{"id":179,"feature_name":"IPsec"},{"id":164,"feature_name":"Key Destruction"},{"id":176,"feature_name":"Keyed-hash message authentication"},{"id":168,"feature_name":"RadSec"},{"id":165,"feature_name":"SSH Server"},{"id":183,"feature_name":"TLS 1.2"},{"id":178,"feature_name":"TLS Server without Mutual Authentication"},{"id":169,"feature_name":"Wi-Fi 6"},{"id":166,"feature_name":"WLAN Access System"},{"id":171,"feature_name":"WPA2"},{"id":170,"feature_name":"WPA3"}]}