Aruba, a Hewlett Packard Enterprise company (NYSE:HPE), announced that Aruba ClearPass is the first in the cybersecurity industry to be awarded Common Criteria certification for a network access control (NAC) solution, under both the Network Device collaborative Protection Profile1 and the Extended Package for Authentication Servers2 modules. ClearPass is also the industry’s first NAC solution to receive certification as an authentication server.
With this advanced Common Criteria certification, governed by ISO/IEC standards bodies and awarded by the National Information Assurance Partnership (NIAP), Aruba ClearPass was validated through an independent testing laboratory to ensure it adheres to strict government and defense cybersecurity standards. ClearPass empowers Information Technology teams with the ability to intelligently profile, authenticate, and authorize users, systems, and devices to access network and IT resources. ClearPass allows government agencies and private organizations to rely on Common Criteria certification as assurance for providing a global, independent, and certifiable cybersecurity baseline.
Mobile, cloud, and IoT have imposed new demands on cybersecurity professionals. Aruba ClearPass is designed for this new era of threats and it was awarded Common Criteria certification for the Network Device Collaborative Protection Profile after completing tests focused on a set of demanding security requirements that mitigate a series of well-defined threats. Tests replicate real-world threat situations covering all aspects of access control including encryption, physical security, certificate validation, and processing, along with TLS/SSL processing. NDcPP represents a security baseline for any network-connected device or system.
As an important complement to NDcPP, Aruba ClearPass received Common Criteria certification for the Extended Package for Authentication Servers module. This extended package assesses functionality specific to RADIUS authentication servers, and qualifies ClearPass to appear on the approved product list for the US National Security Agency’s Commercial Solutions for Classified (CSfC) program. US government customers deploying classified communications systems under the CSfC program may use ClearPass to securely authenticate user and device access over wired, Wi-Fi, and remote connections.
Aruba’s certification was granted by the NIAP, which is a United States government initiative that oversees a national program to evaluate commercial off-the-shelf (COTS) information technology (IT) products for conformance to the internationally recognized Common Criteria security testing standards. Tests were performed by Gossamer Security Solutions, one of the world’s most renowned security testing laboratories.
Common Criteria is a global standard to which security products are evaluated on behalf of both government agencies and private sector organizations who are focused on dealing with an increasingly complex and dangerous threat environment. Certifications are universally recognized by 28 nations and products certified in one country are recognized by all other countries. NIAP also works with NATO and international standards bodies (ISO) to share Common Criteria evaluation experiences and increase efficiencies by avoiding the duplication of efforts. To learn more, visit the NIAP portal.
“Common Criteria validation provides the highest level of security certification an organization can receive, which elevates Aruba network access control to new levels,” said Jon Green, CTO for Security at Aruba, a Hewlett Packard Enterprise company. “Securing enterprises for the mobile, cloud, and IoT era has never been this challenging. The certification demonstrates Aruba’s commitment to providing customers with the industry’s most secure solutions for multi-vendor, wired, and Wi-Fi network infrastructures, even if it’s not an Aruba network.”
“Government agencies and enterprise organizations alike continue to seek clarity through the chaos caused by the increasingly complex and sophisticated threat landscape,” said Bill Buckalew, vice president of partner sales for Optiv, a Denver-based market-leading provider of end-to-end cybersecurity solutions. “We are pleased Aruba was first to receive certification status for such a well-established security standard like Common Criteria. Efforts like this from our key technology partners, such as Aruba, play an important role in enabling Optiv to perform comprehensive security optimization—from strategy and planning straight through to implementation and management—for our clients.”