Reference Guide

Aruba 7200 Series Controllers FIPS 140-2 Level 2 Security Policy
EAP-TLS authentication User
If RSA is used, 2048-bit RSA keys correspond to an effective strength of 2^112; if ECDSA (P-256 and P-384) is used, curve P-256 provides 128 bits of equivalent security, and P-384 provides 192 bits of equivalent security.
Unauthenticated Services
The Aruba Controller can perform VLAN, bridging, firewall, routing, and forwarding functionality without
authentication. These services do not involve any cryptographic processing.
Additional unauthenticated services include performance of the power-on self-test and system status
indication via LEDs.
Non-Approved Services
The following non-approved services are also available to the unauthenticated operators.
Network Time Protocol (NTP) service
Internet Control Message Protocol (ICMP) service
VLAN service
Network bridging service
Network Address Resolution Protocol (ARP) service
Packet routing, switching and forwarding
Cryptographic Key Management
Implemented Algorithms
FIPS-approved cryptographic algorithms have been implemented in firmware and hardware.
Hardware encryption acceleration is provided for bulk cryptographic operations for the following
FIPS-approved algorithms:
o AES (Cert. #2479)
o Triple-DES (Cert. #1518)
o SHS (Cert. #2098)
o HMAC (Cert. #1522)
o RSA (Cert. #1268)
Note:
o RSA (Cert. #1268; non-compliant with the functions from the CAVP Historical RSA List)
FIPS186-2:
ALG[ANSIX9.31]: SIG(gen); 1024, SHS: SHA-1/SHA-256/SHA-512, 2048, 4096, SHS: SHA-1
ALG[RSASSA-PKCS1_V1_5]: SIG(gen): 1024, SHS: SHA-1/SHA-224/SHA-256/SHA-384/SHA-512, 2048, 4096, SHS: SHA-1
ALG[RSASSA-PSS]: SIG(gen); 1024, SHS: SHA-1/SHA-224/SHA-256/SHA-384/SHA-512, 2048, 4096, SHS: SHA-1