client’s application and its environment must be protected from malware as they access
the HSMs cryptographic services. Adequate logical and physical controls should be in
place to ensure that malware is detected.
Your Security Procedures should identify the measures required to ensure the physical
security (and counter any threats of theft or attack) of the nShield HSM, and associated
host/client/Remote File System (RFS) platforms, backup data, Security Information and
Event Management (SIEM) collectors and card readers.
Access to the nShield HSM, and associated host/client/RFS platforms, backup data, SIEM
collectors and card readers secure areas must:
•
Only be provided to authorized individuals
•
Only be provided when necessary
•
Subject to audit control.
The nShield HSM and any card readers integrate with your infrastructure/network.
Therefore, any Security Policy requirements for the infrastructure/network must cover
the nShield HSM and card readers as well when operating within that
infrastructure/network.
The nShield HSM must be subject to protection against excessive processing demands.
The nShield HSM and any card readers must be subject to protection against
electromagnetic emissions if this is deemed to be a threat in the deployed environment.
Temperature range restrictions apply to the nShield Solo+, nShield Solo XC, nShield
Connect+ and nShield Connect XC when in operation. The HSMs must be located in well
ventilated locations (hosts or comms racks).
Voltage range restrictions apply to the nShield Solo XC and nShield Connect XC when in
operation. The HSMs must be protected with surge protection equipment.
To keep track of the nShield HSM and any card readers in your environment and aid any
investigation in the event of loss, an asset id should be assigned to the product and a
record of the nShield HSM and any card readers description, serial number and location
be entered against the asset id in an asset register.
nShield® Security Manual 12 of 90
To Next Page
Need help?
General
