Government and Military

Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here
Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
New Member

FIPS 140-2 AP options

We're a small/medium DoD supplier with three facilities and have been told we need FIPS Validated Access Points.  I am looking at Aruba but do not see any *Instant* Access Points newer than the 2xx series on the CSRC (https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Validated-Modules/Search)

 

Is the IAP line not viable for FIPS validated wireless access?  We don't (currently) need the complexity/cost of Mobility Master and a Controller.

 

I'm having a hard time finding any more info on this.  From what I've read, the AP-3xx (Campus APs?) are not capable of running in Instant mode.

 

Can anyone confirm my findings?  I really don't want to go back to Ruckus now that they've been acquired by private equity.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Moderator

Re: FIPS 140-2 AP options

IAP has historically taken lower priority on validations than controller-based ArubaOS, just based on what our government customers tend to buy the most of.  That said, there is an ongoing FIPS validation effort right now which includes the IAP 300 series - you'll see it at https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/modules-in-process-list.  It's in "box 3" (in review) right now so it's waiting on NIST.  Given the current virus situation, we're not sure how much work is getting done at NIST though, so I can't give you an estimated completion date.

 

Hope that helps...

---
Jon Green, ACMX, CISSP, CISM, and a bunch of other acronyms
Aruba Security CTO

View solution in original post

2 REPLIES 2
Highlighted
Moderator

Re: FIPS 140-2 AP options

IAP has historically taken lower priority on validations than controller-based ArubaOS, just based on what our government customers tend to buy the most of.  That said, there is an ongoing FIPS validation effort right now which includes the IAP 300 series - you'll see it at https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/modules-in-process-list.  It's in "box 3" (in review) right now so it's waiting on NIST.  Given the current virus situation, we're not sure how much work is getting done at NIST though, so I can't give you an estimated completion date.

 

Hope that helps...

---
Jon Green, ACMX, CISSP, CISM, and a bunch of other acronyms
Aruba Security CTO

View solution in original post

Highlighted
New Member

Re: FIPS 140-2 AP options

Jon - thank you for the quick reply!  With the new CMMC regulation, I'm sure there will be others looking at IAP solutions this year as they strive for compliance (and ultimately passing the audit!)

 

Good to know there is a solution from Aruba in NIST's court.  Perhaps by the time we're ready to implement they will have passed the testing.