News | August 6, 2008

Aruba Networks Is The First Wireless LAN Vendor To Obtain Common Criteria Certification

Sunnyvale, CA - Aruba Networks, Inc., a global leader in wireless LANs and secure unified mobility solutions, recently announced that it is the first wireless LAN supplier to be awarded a Common Criteria EAL-2 certificate for its Wi-Fi solutions. EAL-2 certification is a mandatory prerequisite for many high security applications, and is often required in tandem with validation to Federal Information Processing Standard (FIPS) 140-2 for cryptographic security and compliance with Department of Defense (DoD) Directive 8100.2 security policies for wireless technologies. Aruba is the only wireless LAN vendor to meet EAL-2, FIPS 140-2, and Directive 8100.2 requirements. Accordingly, the company's adaptive wireless LAN and identity-based security solutions are able to address a wide range of new domestic and international government, financial, and commercial applications.

The Common Criteria, also known as ISO standard 15408, addresses the protection of assets from unauthorized disclosure, modification, or loss of use arising from both intentional and unintentional causes. It both defines a set of security functionality requirements for IT hardware, software, and firmware products, and, through a rigorous evaluation process, ensures that those requirements have been satisfied. Users turn to the Common Criteria as a guide for the procurement of IT products with security functionality because certified products have validated functionality meeting a well-defined set of criteria.

The FIPS 140-2 standard specifies the cryptographic security requirements for sensitive but unclassified information. The standard defines multiple levels of security that correspond with the wide range of potential applications and environments in which such systems may be employed.

DoD Directive 8100.2 spells out policies for deploying and monitoring secure wireless networks comprised of commercial wireless devices, services, and technologies in the DoD Global Information Grid. Among other criteria, Directive 8100.2 requires data encryption, strong authentication, non-repudiation, personal identification, and use of the 802.11i Wi-Fi security standard.

"The absence of Common Criteria certification is a showstopper for Federal customers and other high-security vertical markets, such as finance," said Greg Young, Research VP at Gartner, Inc. "One of the most significant benefits of Common Criteria evaluations is that the documentation requirements force vendors to implement strict change management and release controls, which can minimize -- but not eliminate -- the serious and valid concern of vulnerabilities being introduced post-evaluation. Given this rigor, evaluated products should have fewer vulnerabilities over time than their non-evaluated peers. However, do not assume that good cryptography is included in a Common Criteria evaluation. FIPS 140-2 is a widely accepted and successful standard for evaluating cryptographic modules, and ensures the correctness of cryptography."

Aruba's unified mobility solutions securely deliver networks to users by integrating adaptive wireless LANs, identity-based security, application continuity services, and multi-vendor network management into a cohesive, high-performance system. Adaptive wireless LANs deliver follow-me connectivity to roaming users, support standard Wi-Fi clients, and deliver high-speed data, toll-quality voice, and streaming video applications. Aruba's identity-based security associates policies with users instead of ports, delivering follow-me security that enhances mobility without compromising security.

"Our indoor and outdoor adaptive wireless LANs have drawn considerable interest from prospective domestic and international users with high security requirements for whom FIPS 140-2 validation by itself is insufficient," said Dave Logan, Aruba's General Manager of Federal Solutions. "These users require a combination of Common Criteria certification, FIPS 140-2 validation, and Directive 8100.2 compliance. With these in hand we can bring the same mobility and efficiency benefits to high security users as we do to general enterprise customers. It was not a simple task to meet these requirements and we are very pleased to be the first wireless LAN vendor to have done so."

About Aruba Networks
People move. Networks must follow. Aruba securely delivers networks to users, wherever they work or roam. Our unified mobility solutions include Wi-Fi networks, identity-based security, remote access and cellular services, and centralized multi-vendor network management to enable the Follow-Me Enterprise that moves in lock-step with users:

Follow-Me Connectivity: Adaptive 802.11a/b/g/n Wi-Fi networks optimize themselves to ensure that users are always within reach of mission-critical information;
Follow-Me Security: Identity-based security assigns access policies to users, enforcing those policies whenever and wherever a network is accessed;
Follow-Me Applications: Remote access solutions and cellular network integration ensure uninterrupted access to applications as users move;
Follow-Me Management: Multi-vendor network management provides a single point of control while managing both legacy and new wireless networks from both Aruba and its competitors.

The cost, convenience, and security benefits of our unified mobility solutions are fundamentally changing how and where we work. Listed on the NASDAQ and Russell 2000 Index, Aruba is based in Sunnyvale, California, and has operations throughout the Americas, Europe, Middle East, and Asia Pacific regions. To learn more, visit Aruba at http://www.arubanetworks.com.

SOURCE: Aruba Networks, Inc.

This website uses cookies to ensure you get the best experience on our website. Learn more