We need to move towards a FIPS complaint wireless environment but don't have yet the allocated funds to replace our controllers with FIPS complaint ones and neither have the funds to replace all APs.
We are already at 8.x code (220.127.116.11 to be exactly), with Mobility Masters (FIPS complaint) cluster and two 7210 controllers.
Can we run the FIPS code in the non-FIPS controllers?
You would need to use the FIPS compliant hardware because FIPS is more than just the Controller OS. It's the encryption chip on the controller itself.
For an example of device parts numbers for FIPS controllers here is the data sheet for the 7200 series controllers: https://www.arubanetworks.com/assets/ds/DS_7200Series.pdf
Yes, you can install the FIPS firmware on a non-FIPS controller. Please 'write erase all' after you did that. The difference in controller hardware between FIPS/non-FIPS is physical to prevent things like accessing the chips via the vent openings, tamper evidence labels (TEL) that needs to be applied, and some supply-chain differences.
For certified FIPS operations you might need those features as well if you only need to run FIPS software that is possible with the same software features that are required in FIPS operations. Without the FIPS controller hardware, you probably can't claim full FIPS compliance.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.