44|
Aruba IAP-3XX Wireless Access Points with Aruba Instant Firmware FIPS 140-2 Level 2 Security Policy
12. Tamper-Evident Labels
After testing, the Crypto Officer must apply Tamper-Evident Labels (TELs) to the Wireless Access Point. When
applied properly, the TELs allow the Crypto Officer to detect the opening of the device, or physical access to
restricted ports (i.e. the serial console port on the bottom of each IAP-3XX). Aruba Networks provides
FIPS 140
designated TELs which have met the physical security testing requirements for tamper evident labels under the
FIPS 140-2 Standard. TELs are not endorsed by the Cryptographic Module Validation Program (CMVP).
The tamper-evident labels shall be installed for the module to operate in a FIPS
Approved mode of operation.
Aruba Networks provides double the required amount of TELs. If a customer
requires replacement TELs, please call customer support and Aruba Networks will
provide the TELs (Part # 4011570-01 - HPE SKU JY894A).
The Crypto officer shall be responsible for keeping the extra TELs at a safe location
and managing the use of the TELs.
12.1. Reading TELs
Once applied, the TELs included with the Wireless Access Point cannot be surreptitiously broken, removed, or
reapplied without an obvious change in appearance:
Figure 18 - Tamper-Evident Labels
If evidence of tampering is found with the TELs, the module must immediately be powered down and the
administrator must be made aware of a physical security breach.
Each TEL also has a unique serial number to prevent replacement with similar labels. To protect the device from
tampering, TELs should be applied by the Crypto Officer as pictured below.
