Wireless Access

last person joined: 4 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Is it possible to run FIPS code in non-FIPS controller?

  • 1.  Is it possible to run FIPS code in non-FIPS controller?

    Posted May 15, 2020 04:50 PM

    We need to move towards a FIPS complaint wireless environment but don't have yet the allocated funds to replace our controllers with FIPS complaint ones and neither have the funds to replace all APs.

     

    We are already at 8.x code (8.3.0.12 to be exactly), with Mobility Masters (FIPS complaint) cluster and two 7210 controllers.

     

    Can we run the FIPS code in the non-FIPS controllers?

     

    Thanks.



  • 2.  RE: Is it possible to run FIPS code in non-FIPS controller?

    Posted May 17, 2020 08:37 PM

    You would need to use the FIPS compliant hardware because FIPS is more than just the Controller OS. It's the encryption chip on the controller itself.

     

    For an example of device parts numbers for FIPS controllers here is the data sheet for the 7200 series controllers: https://www.arubanetworks.com/assets/ds/DS_7200Series.pdf

     

     



  • 3.  RE: Is it possible to run FIPS code in non-FIPS controller?

    Posted May 18, 2020 10:34 AM

    Yes, you can install the FIPS firmware on a non-FIPS controller. Please 'write erase all' after you did that. The difference in controller hardware between FIPS/non-FIPS is physical to prevent things like accessing the chips via the vent openings, tamper evidence labels (TEL) that needs to be applied, and some supply-chain differences.

     

    For certified FIPS operations you might need those features as well if you only need to run FIPS software that is possible with the same software features that are required in FIPS operations. Without the FIPS controller hardware, you probably can't claim full FIPS compliance.