Aruba Mobility Controller Virtual Appliances with ArubaOS FIPS Firmware

Certificate #4630

Webpage information ?

Status active
Validation dates 05.10.2023
Sunset date 26-10-2025
Standard FIPS 140-2
Security level 1
Type Firmware
Embodiment Multi-Chip Stand Alone
Caveat When operated in FIPS mode. When installed, initialized and configured as specified in Section 8 of the Security Policy
Exceptions
  • Roles, Services, and Authentication: Level 2
  • Mitigation of Other Attacks: N/A
Description Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services.
Version (Firmware) ArubaOS 8.10.0.2-FIPS
Tested configurations
  • ArubaOS 8.10.0.2-FIPS on ESXi 6.5 running on an HPE ProLiant ML110 Gen10 with an Intel Xeon Silver with PAA
  • ArubaOS 8.10.0.2-FIPS on ESXi 6.5 running on an HPE ProLiant ML110 Gen10 with an Intel Xeon Silver without PAA
Vendor Aruba, a Hewlett Packard Enterprise company
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Document information ?

Security policy

Symmetric Algorithms
AES, AES-, RC4, DES, Triple-DES, HMAC, HMAC-SHA-256, HMAC-SHA-512, HMAC-SHA-384
Asymmetric Algorithms
RSA 2048, ECDH, ECDSA, ECC, Diffie-Hellman, DH, DSA
Hash functions
SHA-1, SHA-256, SHA-384, SHA-512, SHA256, SHA384, MD5
Schemes
Key Exchange, Key Agreement
Protocols
SSH, SSL, TLS, TLSv1.0, TLSv1.2, IKEv2, IKEv1, IKE, IPsec, VPN
Randomness
DRBG
Libraries
OpenSSL
Elliptic Curves
P-256, P-384
Block cipher modes
ECB, CBC, CTR, GCM, CCM

Security level
Level 1, level 1, level 2

Standards
FIPS 140-2, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 186-2, FIPS 180-4, SP 800-38A, SP 800-38D, SP 800-133, SP 800-90A, SP 800-56A, SP 800-135, SP 800-56C, SP 800-108, SP 800-67, SP 800-38F, SP 800-52, PKCS1, PKCS#1, RFC 5246, RFC 7296, X.509

File metadata

Creation date: D:20231003150315-04'00'
Modification date: D:20231003150315-04'00'
Pages: 39

References

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 06.11.2023 The certificate data changed.
    Certificate changed

    The web extraction data was updated.

    • The certificate_pdf_url property was set to https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2023_011123_0711.pdf.
  • 01.11.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4630,
  "dgst": "2de9b960babeff3d",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KDA#A2690",
        "DSA#A2689",
        "RSA#A2689",
        "SHS#A2690",
        "CVL#A2690",
        "KAS-SSC#A2690",
        "AES#A2689",
        "KAS#A2690",
        "KAS-SSC#A2689",
        "AES#A2690",
        "ECDSA#A2689",
        "SHS#A2688",
        "RSA#A2690",
        "HMAC#A2689",
        "CVL#A2689",
        "DRBG#A2690",
        "SHS#A2689",
        "KTS#A2690",
        "ECDSA#A2690",
        "DSA#A2690",
        "HMAC#A2690",
        "RSA#A2688",
        "KBKDF#A2690"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "8.10.0.2"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 2
          },
          "ECDH": {
            "ECDH": 2
          },
          "ECDSA": {
            "ECDSA": 15
          }
        },
        "FF": {
          "DH": {
            "DH": 4,
            "Diffie-Hellman": 22
          },
          "DSA": {
            "DSA": 5
          }
        },
        "RSA": {
          "RSA 2048": 4
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 6
        },
        "CCM": {
          "CCM": 1
        },
        "CTR": {
          "CTR": 4
        },
        "ECB": {
          "ECB": 2
        },
        "GCM": {
          "GCM": 7
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {
        "OpenSSL": {
          "OpenSSL": 4
        }
      },
      "crypto_protocol": {
        "IKE": {
          "IKE": 18,
          "IKEv1": 15,
          "IKEv2": 17
        },
        "IPsec": {
          "IPsec": 7
        },
        "SSH": {
          "SSH": 17
        },
        "TLS": {
          "SSL": {
            "SSL": 1
          },
          "TLS": {
            "TLS": 41,
            "TLSv1.0": 1,
            "TLSv1.2": 1
          }
        },
        "VPN": {
          "VPN": 7
        }
      },
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 5
        },
        "KEX": {
          "Key Exchange": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 32,
          "P-384": 22
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES CTR 256": 1,
          "AES-CBC5": 1,
          "AES-CBC7": 1,
          "AES-GCM4": 1,
          "AES-GCM6": 1,
          "Certificate RSA": 1,
          "DRBG1": 1,
          "HMAC (384": 1,
          "HMAC SHA-1": 1,
          "HMAC- SHA-256": 3,
          "HMAC- SHA-512": 1,
          "HMAC- SHA1-96": 1,
          "HMAC- SHA256": 1,
          "HMAC- SHA384": 1,
          "HMAC-SHA- 384": 6,
          "HMAC-SHA-1": 11,
          "HMAC-SHA-1 (160": 1,
          "HMAC-SHA-256": 8,
          "HMAC-SHA-384": 2,
          "HMAC-SHA-512": 6,
          "HMAC-SHA-512 128": 2,
          "HMAC-SHA-5128": 2,
          "HMAC-SHA1": 8,
          "PKCS#1": 2,
          "PKCS1": 8,
          "RSA 2048": 4,
          "RSA PKCS#1": 2,
          "SHA- 1": 1,
          "SHA- 384": 4,
          "SHA-1": 17,
          "SHA-12": 1,
          "SHA-13": 1,
          "SHA-256": 18,
          "SHA-384": 3,
          "SHA-512": 6,
          "SHA1-96": 1,
          "SHA2-256": 13,
          "SHA2-384": 7,
          "SHA2-512": 7,
          "SHA256": 1,
          "SHA384": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 49,
          "level 1": 2,
          "level 2": 1
        }
      },
      "hash_function": {
        "MD": {
          "MD5": {
            "MD5": 4
          }
        },
        "SHA": {
          "SHA1": {
            "SHA-1": 17
          },
          "SHA2": {
            "SHA-256": 18,
            "SHA-384": 3,
            "SHA-512": 6,
            "SHA256": 1,
            "SHA384": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 26
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140-2": 66,
          "FIPS 180-4": 3,
          "FIPS 186-2": 1,
          "FIPS 186-4": 5,
          "FIPS 197": 3,
          "FIPS 198-1": 2
        },
        "NIST": {
          "SP 800-108": 1,
          "SP 800-133": 2,
          "SP 800-135": 2,
          "SP 800-38A": 2,
          "SP 800-38D": 1,
          "SP 800-38F": 4,
          "SP 800-52": 1,
          "SP 800-56A": 9,
          "SP 800-56C": 3,
          "SP 800-67": 2,
          "SP 800-90A": 2
        },
        "PKCS": {
          "PKCS#1": 2,
          "PKCS1": 4
        },
        "RFC": {
          "RFC 5246": 1,
          "RFC 7296": 2
        },
        "X509": {
          "X.509": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 16,
            "AES-": 2
          },
          "RC": {
            "RC4": 2
          }
        },
        "DES": {
          "3DES": {
            "Triple-DES": 9
          },
          "DES": {
            "DES": 5
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 9,
            "HMAC-SHA-256": 4,
            "HMAC-SHA-384": 1,
            "HMAC-SHA-512": 4
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20231003150315-04\u002700\u0027",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_ActionId": "be116f94-097d-4e65-b22b-533f66241aea",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_ContentBits": "0",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Enabled": "true",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Method": "Privileged",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_Name": "Unrestricted",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_SetDate": "2023-09-12T15:37:58Z",
      "/MSIP_Label_c968a81f-7ed4-4faa-9408-9652e001dd96_SiteId": "b64da4ac-e800-4cfc-8931-e607f720a1b8",
      "/ModDate": "D:20231003150315-04\u002700\u0027",
      "pdf_file_size_bytes": 691522,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://urldefense.com/v3/__https:/csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35300__;!!NpxR!mIa2Bc3MOCQYgIqZdnlHt_SAAgkzoy56jN4Paqz-3DMgGvrFTfQ5aMilAprrIoQJ2UdBdcBEa-HBMFEYK_Ouo69k1U4WeZk$",
          "https://www.arubanetworks.com/",
          "https://csrc.nist.gov/projects/cryptographic-module-validation-program",
          "https://urldefense.com/v3/__https:/csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35299__;!!NpxR!mIa2Bc3MOCQYgIqZdnlHt_SAAgkzoy56jN4Paqz-3DMgGvrFTfQ5aMilAprrIoQJ2UdBdcBEa-HBMFEYK_Ouo69kl7dKpbY$",
          "https://urldefense.com/v3/__https:/csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=35301__;!!NpxR!mIa2Bc3MOCQYgIqZdnlHt_SAAgkzoy56jN4Paqz-3DMgGvrFTfQ5aMilAprrIoQJ2UdBdcBEa-HBMFEYK_Ouo69kpUm2UDM$",
          "http://www.arubanetworks.com/open_source",
          "http://csrc.nist.gov/groups/STM/cmvp/index.html",
          "https://asp.arubanetworks.com/downloads;fileTypes=DOCUMENT;products=Aruba%20Mobility%20Controllers%20%28AOS%29"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 39
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "4790bacf7ecdf16033d488d8e3ae6fcfc047fd8980db9fc77f0ba9b852ff75e7",
    "policy_txt_hash": "18a594a50cee062fec218f4c8cc181b2624bd24ac8f26a092bf287e86232ac4c"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When operated in FIPS mode. When installed, initialized and configured as specified in Section 8 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/October 2023_011123_0711.pdf",
    "date_sunset": "2025-10-26",
    "description": "Aruba\u0027s family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Roles, Services, and Authentication: Level 2",
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "ArubaOS 8.10.0.2-FIPS",
    "historical_reason": null,
    "hw_versions": null,
    "level": 1,
    "mentioned_certs": {},
    "module_name": "Aruba Mobility Controller Virtual Appliances with ArubaOS FIPS Firmware",
    "module_type": "Firmware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": [
      "ArubaOS 8.10.0.2-FIPS on ESXi 6.5 running on an HPE ProLiant ML110 Gen10 with an Intel Xeon Silver with PAA",
      "ArubaOS 8.10.0.2-FIPS on ESXi 6.5 running on an HPE ProLiant ML110 Gen10 with an Intel Xeon Silver without PAA"
    ],
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-10-05",
        "lab": "LEIDOS CSTL",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Aruba, a Hewlett Packard Enterprise company",
    "vendor_url": "http://www.arubanetworks.com"
  }
}