Compliant Product - Aruba Mobility Conductor with ArubaOS 8.10
Certificate Date: 2023.06.23
Validation Report Number: CCEVS-VR-VID11345-2023
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Lightship Security USA, Inc.
Administrative Guide: COMMON CRITERIA CONFIGURATION GUIDANCE ARUBA OS 8.10 SUPPLEMENTAL GUIDANCE
Administrative Guide: ArubaOS 8.5.0.x Command-Line Interface
Administrative Guide: ArubaOS 188.8.131.52 Getting Started Guide
Administrative Guide: ArubaOS 184.108.40.206 User Guide
Administrative Guide: ArubaOS-220.127.116.11-Syslog-Reference-Guide
The Target of Evaluation (TOE) is the Aruba Mobility Conductor with ArubaOS 8.10. The Aruba Mobility Conductor simplifies the management of multiple Aruba controllers running ArubaOS 8 or later. Key features include a centralized dashboard to easily see and manage controllers deployed in multiple sites, a hierarchical configuration tool to pre-stage network deployments, and the ability to perform live firmware and feature upgrades during active user sessions. The addition of licensing pools simplifies the transfer of licenses between different controllers to quickly address expanded deployment needs.
The TOE is a network device that provides centralized management of multiple Aruba Mobility Controllers. The physical boundary of the TOE includes the appliance models shown in the table below executing ArubaOS 8.10 software.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when configured as identified in the ArubaOS 8.10 Supplemental Guidance (Common Criteria Configuration Guidance for Aruba Mobility Conductor with ArubaOS 8.10-FIPS), Version 2.6, June 2023, satisfies all of the security functional requirements stated in the Aruba Mobility Conductor with ArubaOS 8.10 Security Target, Version 1.2, June 2023. The project underwent CCEVS Validator review. The evaluation was completed in June 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11345-2023) prepared by CCEVS.
The TOE provides the following security functions:
a) Security Audit: The TOE generates logs of security relevant events. The TOE stores logs locally and is capable of sending log events to a remote syslog server. Log events are sent in real-time via IPsec.
b) Cryptographic Support: The TOE implements a cryptographic module. In the evaluated configuration, the TOE is in FIPS mode to support the cryptographic functionality. The TOE implements cryptographic protocols such as SSH, TLS, HTTPS, and IPsec.
c) Identification and Authentication: The TOE requires users who connect to the TOE's administrator interfaces (direct serial connection, remote CLI, and GUI) to authenticate prior to being granted access to any TOE functionality. The TOE supports the use of authentication servers via IPsec.
d) Secure Management: The TOE enables secure management of its security functions, including:
i) Local and remote administration
ii) Access banners
iii) Session inactivity and termination
iv) TOE updates
v) Management of critical security functions and data
vi) Protection of cryptographic keys and passwords
e) Protection of TSF: The TOE prevents reading of private keys and plaintext passwords by any user. The TOE synchronizes with an external time source. This date and time are used as a timestamp that is part of each audit record generated by the TOE. The TOE ensures the authenticity and integrity of software updates through digital signatures. The TOE performs a suite of self-tests to ensure the correct operation and enforcement of its security functions.
f) TOE Access: The TOE can terminate inactive sessions after a configurable period. The TOE can also display a specified banner on the local and remote CLI interfaces prior to allowing any administrative access to the TOE. The TOE allows users to manually terminate an established management session with the TOE.
g) Trusted Path/Channels: The TOE protects the integrity and confidentiality of communications via the following TOE interfaces: CLI via SSH; Administrative web GUI via HTTPS/TLS; authentication with a remote server via IPsec; external syslog server via IPsec; NTP server via IPsec; and management of Aruba Mobility Controllers via IPsec.
Aruba, a Hewlett Packard Enterprise Company