Additionally, for DoD/IC deployments, you can deploy Aruba APs using CPsec which adds an IPsec encryption layer over the control traffic between the controller and the APs.
You can PM me if you want contacts to engage the Aruba Federal team for more detail. But in general, Aruba's security implementation is far more secure than the CAPWAP and LWAPP implementation as we used true centralized encryption of the user data traffic (WPA2 encrypted, wrapped in GRE, as opposed to the Cisco APs doing decrypt/re-encrypt, which makes Cisco APs 'controlled devices' and subject to TELs or Lock Boxes and periodic inspections. Since the Aruba APs don't decrypt/re-encrypt we don't require TELs, boxes, or inspections. If someone steals the AP, they have nothing. Aruba also is the most up to date on FIPS, UCAPL, and Common Criteria certifications.
Let us know if you need more and PM me if you want a Fed Team contact to engage further.