This page was not yet optimized for use on mobile devices.
AP-514, AP-515, AP-534, AP-535, AP-584, AP-585, AP-587, AP-635 and AP-655 Access Points
Certificate #4916
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-256, RC4, DES, Triple-DES, HMACAsymmetric Algorithms
ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA3-256, SHA-3, MD5Schemes
Key Exchange, Key AgreementProtocols
SSH, IKE, IKEv1, IKEv2, IPsec, VPNRandomness
DRBGLibraries
OpenSSLElliptic Curves
P-256, P-384Block cipher modes
ECB, CBC, CTR, GCM, CCMTrusted Execution Environments
PSPVendor
Qualcomm, BroadcomSecurity level
Level 2, Level 1Certification process
out of scope, i.e. out of scope of module, mode of operation. • An un-provisioned AP, which by default does not serve any wireless clients, is out of scope of this validation. The Crypto Officer must ensure that the Wireless Access Point is kept in the, mode of operation. An un-provisioned AP, which by default does not serve any wireless clients, is out of scope of this validation. The Crypto Officer must ensure that the Wireless Access Point is kept in the, 11 Factory CA Public Key –PSP 2048 bits RSA N/A Loaded into the module during manufacturing (i.e. out of scope of module). Import: N/A Export: N/A N/A Stored in TPM Since this is a public key and protected inStandards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 186-2, FIPS 180-4, FIPS 202, SP 800-38A, SP 800-38D, SP 800-133, SP 800-90A, SP 800-135, SP 800-90B, SP 800-108, SP 800-56A, SP 800-56C, SP 800-38F, SP 800-63B, PKCS1, PKCS#1, RFC 4106, RFC 7296, RFC 5282, ISO/IEC 24759, ISO/IEC 19790:2012, ISO/IEC 24759:2017File metadata
| Author | McGlashan, Dave |
|---|---|
| Creation date | D:20241029134347-04'00' |
| Modification date | D:20241029134538-04'00' |
| Pages | 76 |
| Creator | Acrobat PDFMaker 24 for Word |
| Producer | Adobe PDF Library 24.3.212 |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
16.12.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4916,
"dgst": "10ec7498052c6366",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA KeyVer (FIPS186-4)A2690",
"KAS-FFC-SSC Sp800-56Ar3A2690",
"RSA KeyGen (FIPS186-4)A2690",
"SHA-1A2690",
"RSA SigVer (FIPS186-2)A2690",
"Counter DRBGA2690",
"AES-CTRA2690",
"AES-ECBA2690",
"DSA PQGGen (FIPS186-4)A2690",
"SHA2-512A2690",
"RSA SigVer (FIPS186-4)A2690",
"AES-CCMA2690",
"ECDSA KeyGen (FIPS186-4)A2690",
"KDF IKEv1A2690",
"SHA2-384A2690",
"HMAC-SHA2-256A2690",
"SHA2-256A2690",
"DSA KeyGen (FIPS186-4)A2690",
"KDF IKEv2A2689",
"AES-CBCA2690",
"RSA Signature PrimitiveA2690",
"Safe Primes Key VerificationA2690",
"ECDSA SigVer (FIPS186-4)A2690",
"ECDSA SigGen (FIPS186-4)A2690",
"SHA3-256A2738",
"RSA SigGen (FIPS186-4)A2690",
"Safe Primes Key GenerationA2690",
"HMAC-SHA-1A2690",
"KDA TwoStep Sp800-56Cr1A2690",
"KDF SP800-108A2690",
"HMAC-SHA2-384A2690",
"AES-GCMA2690",
"KAS-ECC-SSC Sp800-56Ar3A2690"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"8.10.0.5"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 3
},
"ECDSA": {
"ECDSA": 24
}
},
"FF": {
"DH": {
"DH": 7,
"Diffie-Hellman": 11
},
"DSA": {
"DSA": 3
}
}
},
"certification_process": {
"OutOfScope": {
"11 Factory CA Public Key \u2013PSP 2048 bits RSA N/A Loaded into the module during manufacturing (i.e. out of scope of module). Import: N/A Export: N/A N/A Stored in TPM Since this is a public key and protected in": 1,
"i.e. out of scope of module": 1,
"mode of operation. An un-provisioned AP, which by default does not serve any wireless clients, is out of scope of this validation. The Crypto Officer must ensure that the Wireless Access Point is kept in the": 1,
"mode of operation. \u2022 An un-provisioned AP, which by default does not serve any wireless clients, is out of scope of this validation. The Crypto Officer must ensure that the Wireless Access Point is kept in the": 1,
"out of scope": 3
}
},
"cipher_mode": {
"CBC": {
"CBC": 6
},
"CCM": {
"CCM": 4
},
"CTR": {
"CTR": 3
},
"ECB": {
"ECB": 2
},
"GCM": {
"GCM": 11
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {
"OpenSSL": {
"OpenSSL": 24
}
},
"crypto_protocol": {
"IKE": {
"IKE": 27,
"IKEv1": 21,
"IKEv2": 25
},
"IPsec": {
"IPsec": 2
},
"SSH": {
"SSH": 1
},
"VPN": {
"VPN": 2
}
},
"crypto_scheme": {
"KA": {
"Key Agreement": 2
},
"KEX": {
"Key Exchange": 1
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 46,
"P-384": 38
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#7": 2
}
},
"fips_certlike": {
"Certlike": {
"AES CTR 256": 1,
"AES-256": 6,
"AES-CBC13": 1,
"AES-CBC7": 1,
"AES-GCM12": 1,
"AES-GCM6": 1,
"DRBG2": 1,
"HMAC-SHA- 1": 2,
"HMAC-SHA-1": 20,
"PKCS#1": 1,
"PKCS1": 14,
"RSA PKCS#1": 1,
"SHA- 1": 1,
"SHA-1": 11,
"SHA-110": 1,
"SHA-111": 1,
"SHA-14": 1,
"SHA-15": 1,
"SHA-3": 3,
"SHA2-256": 33,
"SHA2-384": 18,
"SHA2-512": 14,
"SHA3-256": 3
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 2": 90
}
},
"hash_function": {
"MD": {
"MD5": {
"MD5": 2
}
},
"SHA": {
"SHA1": {
"SHA-1": 11
},
"SHA3": {
"SHA-3": 3,
"SHA3-256": 3
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 35
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140-3": 114,
"FIPS 180-4": 3,
"FIPS 186-2": 2,
"FIPS 186-4": 11,
"FIPS 197": 3,
"FIPS 198-1": 4,
"FIPS 202": 2
},
"ISO": {
"ISO/IEC 19790:2012": 1,
"ISO/IEC 24759": 2,
"ISO/IEC 24759:2017": 1
},
"NIST": {
"SP 800-108": 5,
"SP 800-133": 1,
"SP 800-135": 11,
"SP 800-38A": 3,
"SP 800-38D": 2,
"SP 800-38F": 4,
"SP 800-56A": 8,
"SP 800-56C": 5,
"SP 800-63B": 1,
"SP 800-90A": 12,
"SP 800-90B": 2
},
"PKCS": {
"PKCS#1": 1,
"PKCS1": 7
},
"RFC": {
"RFC 4106": 1,
"RFC 5282": 1,
"RFC 7296": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 26,
"AES-256": 6
},
"RC": {
"RC4": 1
}
},
"DES": {
"3DES": {
"Triple-DES": 9
},
"DES": {
"DES": 2
}
},
"constructions": {
"MAC": {
"HMAC": 10
}
}
},
"tee_name": {
"AMD": {
"PSP": 5
}
},
"tls_cipher_suite": {},
"vendor": {
"Broadcom": {
"Broadcom": 1
},
"Qualcomm": {
"Qualcomm": 4
}
},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "McGlashan, Dave",
"/Comments": "",
"/Company": "",
"/CreationDate": "D:20241029134347-04\u002700\u0027",
"/Creator": "Acrobat PDFMaker 24 for Word",
"/Keywords": "",
"/ModDate": "D:20241029134538-04\u002700\u0027",
"/Producer": "Adobe PDF Library 24.3.212",
"/SourceModified": "D:20241029174307",
"/Subject": "",
"/Title": "",
"pdf_file_size_bytes": 2601030,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.arubanetworks.com/",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program",
"http://www.arubanetworks.com/",
"https://networkingsupport.hpe.com/end-of-life",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/Details?validation=35301",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15163",
"https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/7",
"https://networkingsupport.hpe.com/downloads;pageSize=100;fileTypes=DOCUMENT;products=Aruba%20Access%20Points,Aruba%20Mobility%20Gateways;softwareGroups=ArubaOS;softwareMajorVersions=8.10",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15237",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/Details?validation=35300",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15161",
"https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=15162",
"https://www.arubanetworks.com/open_source"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 76
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "eaa0a286fff125a0a95a7a706d96124edb085e4bef5ca0d251b651f70a75441c",
"policy_txt_hash": "d8c3ed609e9c03e26c95de8b9b2964be26a6f167a7bb29c762e6c1c05a8c09f8"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When operated in the approved mode, with tamper evident labels installed as indicated in the Security Policy",
"certificate_pdf_url": null,
"date_sunset": "2026-12-11",
"description": "Aruba\u0027s 802.11 Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-3 mode, Aruba APs in conjunction with a Mobility Controller support the WPA2/WPA3 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Operational environment: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": "ArubaOS 8.10.0.5-FIPS",
"historical_reason": null,
"hw_versions": "AP-514-USF1 (HPE SKU Q9H68A), AP-515-USF1 (HPE SKU Q9H73A), AP-534-USF1 (HPE SKU JZ342A), AP-535-USF1 (HPE SKU JZ347A), AP-584-US TAA (HPE SKU R7T14A), AP-584-RW TAA (HPE SKU R7T15A), AP-585-US TAA (HPE SKU R7T19A), AP-585-RW TAA (HPE SKU R7T20A), AP-587-US TAA (HPE SKU R7T24A), AP-587-RW TAA (HPE SKU R7T25A), AP-635-RW TAA (HPE SKU R7J32A), AP-635-US TAA (HPE SKU R7J33A), AP-655-RW TAA (HPE SKU R7J43A), AP-655-US TAA (HPE SKU R7J44A) with FIPS Kit 4011570-01 (HPE SKU JY894A)",
"level": 2,
"mentioned_certs": {},
"module_name": "AP-514, AP-515, AP-534, AP-535, AP-584, AP-585, AP-587, AP-635 and AP-655 Access Points",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-12-12",
"lab": "Lightship Security, Inc.",
"validation_type": "Initial"
}
],
"vendor": "Aruba, a Hewlett Packard Enterprise company",
"vendor_url": "http://www.arubanetworks.com"
}
}