Aruba, a Hewlett Packard Enterprise company, has announced that its Aruba ClearPass has been awarded Common Criteria certification for a network access control (NAC) solution, under both the Network Device collaborative Protection Profile1 and the Extended Package for Authentication Servers2 modules. The company said that this is the first such certification and that ClearPass is the cybersecurity industry’s first NAC solution to receive certification as an authentication server.
With this advanced Common Criteria certification, governed by ISO/IEC (News - Alert) standards bodies and awarded by the National Information Assurance Partnership (NIAP), Aruba ClearPass was validated through an independent testing laboratory to ensure it adheres to government and defense cybersecurity standards. ClearPass is designed to empower IT departments with the ability to profile, authenticate, and authorize users, systems, and devices to access network and IT resources. ClearPass will allow government agencies and private organizations to rely on Common Criteria certification as assurance for providing a global, independent, and certifiable cybersecurity baseline.
It was awarded Common Criteria certification for the Network Device Collaborative Protection Profile after completing tests focused on a set of demanding security requirements that mitigate a series of well-defined threats. Tests replicate real-world threat situations covering all aspects of access control including encryption, physical security, certificate validation, and processing, along with TLS/SSL processing. NDcPP represents a security baseline for any network-connected device or system.
Aruba’s certification was granted by the NIAP, which is a United States government initiative that oversees a national program to evaluate commercial off-the-shelf (COTS) information technology (IT) products for conformance to the internationally recognized Common Criteria security testing standards. Tests were performed by Gossamer Security Solutions, one of the world’s most renowned security testing laboratories.
“Common Criteria validation provides the highest level of security certification an organization can receive, which elevates Aruba network access control to new levels,” said Jon Green, CTO for Security, Aruba, a Hewlett Packard Enterprise company. “Securing enterprises for the mobile, cloud, and IoT era has never been this challenging. The certification demonstrates Aruba’s commitment to providing customers with the industry’s most secure solutions for multi-vendor, wired, and Wi-Fi network infrastructures, even if it’s not an Aruba network.”