Aruba Networks (
News -
Alert) said it has become the “first” wireless LAN supplier to be awarded a Common Criteria EAL-2 certificate for its Wi-Fi solutions.
Considered a mandatory for high security applications, EAL-2 certification is often required along with validation to Federal Information Processing Standard (FIPS) 140-2 for cryptographic security and compliance with Department of Defense (DoD) Directive 8100.2 security policies for wireless technologies.
While the FIPS 140-2 standard specifies the cryptographic security requirements for sensitive but unclassified information, DoD Directive 8100.2 states the policies for deploying and monitoring secure wireless networks comprised of commercial wireless devices, services, and technologies in the DoD Global Information (
News -
Alert) Grid.
Aruba is a provider of wireless LANs and unified mobility solutions. The company’s unified mobility solutions include Wi-Fi networks, identity-based security, remote access and cellular services, and centralized multi-vendor network management.
The company’s adaptive wireless LANs deliver follow-me connectivity to roaming users, support standard Wi-Fi clients, and deliver high-speed data, toll-quality voice, and streaming video applications.
Aruba said that it’s the “only” wireless LAN vendor that has met EAL-2, FIPS 140-2, and Directive 8100.2 requirements. According to company officials, the adaptive wireless LAN and identity-based security solutions address a wide range of new domestic and international government, financial, and commercial applications.
“Our indoor and outdoor adaptive wireless LANs have drawn considerable interest from prospective domestic and international users with high security requirements for whom FIPS 140-2 validation by itself is insufficient,” said Dave Logan, general manager of Federal Solutions at Aruba.
He said these users require a combination of Common Criteria certification, FIPS 140-2 validation, and Directive 8100.2 compliance, and said with these in hand “we can bring the same mobility and efficiency benefits to high security users as we do to general enterprise customers.”
Also called ISO standard 15408, the Common Criteria addresses the protection of assets from unauthorized disclosure, modification, or loss of use arising from both intentional and unintentional causes.
“The absence of Common Criteria certification is a showstopper for Federal customers and other high-security vertical markets, such as finance," said Greg Young, vice president for research at Gartner (
News -
Alert), Inc.
He also said that one of the most significant benefits of Common Criteria evaluations is that the documentation requirements force vendors to implement strict change management and release controls, which can minimize—but not eliminate—the serious and valid concern of vulnerabilities being introduced post-evaluation.