| 8/6/08 - Aruba Networks, Inc. (NASDAQ: ARUN) announced that it is the first wireless LAN supplier to be awarded a Common Criteria EAL-2 certificate for its Wi-Fi solutions. EAL-2 certification is a mandatory prerequisite for many high security applications, and is often required in tandem with validation to Federal Information Processing Standard (FIPS) 140-2 for cryptographic security and compliance with Department of Defense (DoD) Directive 8100.2 security policies for wireless technologies.
Aruba is the only wireless LAN vendor to meet EAL-2, FIPS 140-2, and Directive 8100.2 requirements. Accordingly, the company's adaptive wireless LAN and identity-based security solutions are able to address a wide range of new domestic and international government, financial, and commercial applications.
The Common Criteria, also known as ISO standard 15408, addresses the protection of assets from unauthorized disclosure, modification, or loss of use arising from both intentional and unintentional causes. It both defines a set of security functionality requirements for IT hardware, software, and firmware products, and, through a rigorous evaluation process, ensures that those requirements have been satisfied. Users turn to the Common Criteria as a guide for the procurement of IT products with security functionality because certified products have validated functionality meeting a well-defined set of criteria.
The FIPS 140-2 standard specifies the cryptographic security requirements for sensitive but unclassified information. The standard defines multiple levels of security that correspond with the wide range of potential applications and environments in which such systems may be employed.
DoD Directive 8100.2 spells out policies for deploying and monitoring secure wireless networks comprised of commercial wireless devices, services, and technologies in the DoD Global Information Grid. Among other criteria, Directive 8100.2 requires data encryption, strong authentication, non-repudiation, personal identification, and use of the 802.11i Wi-Fi security standard.
"The absence of Common Criteria certification is a showstopper for Federal customers and other high-security vertical markets, such as finance," said Greg Young, Research VP at Gartner, Inc. "One of the most significant benefits of Common Criteria evaluations is that the documentation requirements force vendors to implement strict change management and release controls, which can minimize -- but not eliminate -- the serious and valid concern of vulnerabilities being introduced post-evaluation. Given this rigor, evaluated products should have fewer vulnerabilities over time than their non-evaluated peers. However, do not assume that good cryptography is included in a Common Criteria evaluation. FIPS 140-2 is a widely accepted and successful standard for evaluating cryptographic modules, and ensures the correctness of cryptography."
Aruba's unified mobility solutions securely deliver networks to users by integrating adaptive wireless LANs, identity-based security, application continuity services, and multi-vendor network management into a cohesive, high-performance system. Adaptive wireless LANs deliver follow-me connectivity to roaming users, support standard Wi-Fi clients, and deliver high-speed data, toll-quality voice, and streaming video applications. Aruba's identity-based security associates policies with users instead of ports, delivering follow-me security that enhances mobility without compromising security.
"Our indoor and outdoor adaptive wireless LANs have drawn considerable interest from prospective domestic and international users with high security requirements for whom FIPS 140-2 validation by itself is insufficient," said Dave Logan, Aruba's General Manager of Federal Solutions. "These users require a combination of Common Criteria certification, FIPS 140-2 validation, and Directive 8100.2 compliance. With these in hand we can bring the same mobility and efficiency benefits to high security users as we do to general enterprise customers. It was not a simple task to meet these requirements and we are very pleased to be the first wireless LAN vendor to have done so."
Want to learn more about wireless technologies?
Keywords: aruba networks inc, global information grid, mandatory prerequisite, dod directive, non repudiation, strong authentication, unauthorized disclosure, cryptographic security, security functionality, common criteria, rigorous evaluation, Wireless Security |
