Occasional Contributor II

Is it possible to run FIPS code in non-FIPS controller?

We need to move towards a FIPS compliant wireless environment but don't yet have the allocated funds to replace our controllers with FIPS compliant ones, nor do we have the funds to replace all APs.

We are already at 8.x code (8.3.0.12 to be exact), with a Mobility Masters (FIPS compliant) cluster and two 7210 controllers.

 

Can we run the FIPS code in the non-FIPS controllers?

 

Thanks.

Super Contributor I

Re: Is it possible to run FIPS code in non-FIPS controller?

You would need to use the FIPS compliant hardware because FIPS is more than just the Controller OS. It's the encryption chip on the controller itself.

 

For an example of device part numbers for FIPS controllers, here is the data sheet for the 7200 series controllers: https://www.arubanetworks.com/assets/ds/DS_7200Series.pdf

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post addresses your queries, give kudos and accept as solution!

MVP Guru

Re: Is it possible to run FIPS code in non-FIPS controller?

Yes, you can install the FIPS firmware on a non-FIPS controller. Please 'write erase all' after you do that. The difference in controller hardware between FIPS/non-FIPS is physical, to prevent things like accessing the chips via the vent openings, tamper evidence labels (TEL) that need to be applied, and some supply-chain differences.

For certified FIPS operations you might need those features as well. If you only need to run FIPS software, that is possible, with the same software features that are required in FIPS operations. Without the FIPS controller hardware, you probably can't claim full FIPS compliance.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).