Assurance Continuity - Aruba Virtual Intranet Access (VIA) Client, Update from v4.3 to v4.4
Date of Maintenance Completion: 2023.01.24CC Certificate Validation Report Assurance Activity
Product Type: Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: PP-Module for VPN Client, Version 2.3
Protection Profile for Application Software Version 1.3
Original Evaluated TOE: 2022.08.31 - Aruba Virtual Intranet Access (VIA) Client v4.3
Please note: The above files are for the Original Evaluated TOE. Consequently, they do not refer to this maintained version, although they apply to the maintained version.
Security Target * Assurance Continuity Maintenance Report Administrative Guide
Please note: This serves as an addendum to the VR for the Original Evaluated TOE.
* This is the Security Target (ST) associated with this latest Maintenance Release. To view previous STs for this TOE, click here.
Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.
Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.
The TOE has been updated from VIA Client Version 4.3 to Version 4.4. Below is a summary of the changes.
Eighteen changes were identified in the IAR along with a description and given rationale. Fourteen of those changes impacted the VIA client on the evaluated platforms. The description and rationale for each were inspected and the overall Minor Change characterization was considered appropriate. None of the changes resulted in the introduction of new TOE capabilities, modification to security functions as defined in the ST, or changes to the TOE boundary. The following table includes a summary of the changes presented in the IAR that impact VIA and/or one or more of the evaluated platforms. The changes have been categorized according to Bug Fixes and Functional Updates. Changes identified in the IAR that do not impact the evaluated platforms were also reviewed and have been included at the end of the Table.
Aruba, a Hewlett Packard Enterprise Company