Entrust nShield

To Next Page

To Previous Page

behaviour by the application. This includes applications that use an inadequate concept

of key security.

Security guidance on using SAM to detect insecure behavior is provided in-situ in the

User Guide. See the nShield PKCSÊ11 library with Security Assurance Mechanism section

and Key security sections in the User Guide for your HSM for details.

7.10.3. nShield PKCSÊ#11 library environment variables

Security configuration guidance for various variables is provided in-situ in the User

Guide. See the nShield PKCSÊ11 library environment variables_ section in the User Guide

for your HSM for details.

nShield® Security Manual 55 of 90

Main Page

Table of Contents2
Introduction5
Who Should Read this Document5
Products Covered by this Manual5
Product Security Objective5
Product Selection6
Security Manual Authority and Scope6
Related Documents6
Reference Documents7
Supply and Transportation8
Trusted Delivery8
Tamper Inspection8
Environment10
HSM Function and Architecture10
HSM Environment Controls11
Commissioning13
Preparation13
Installation13
Hardware14
Network Configuration14
Date and Time16
Nshield Connect and Client Configuration17
Logging and Debugging21
Configure Access Control24
Configure Security World25
Remote Services26
See27
Access Control29
Security World Access Control Architecture29
Security World Access Control Guidance31
Application Keys37
Nshield Connect Front Panel38
Configuring the Nshield Connect to Use a Client38
Role Holder Lifecycle Guidance39
Operation42
Patching Policy42
Set the RTC Time42
Operator Card Set (OCS) Quorum Configurations42
NVRAM Key Storage44
RFS - Configuring Auto Push44
Security World Replacement Options44
Host Platform and Client Applications44
Preload Utility45
Discarding Keys46
Erasing a Module from a Security World46
Replacing an OCS46
Replacing the ACS46
Firmware Upgrade47
Enabling and Disabling Remote Upgrade47
Migrating Keys to a V3 Security World47
Key Management49
Key Management Schema49
Security World Security Strengths49
Application Keys Algorithms and Key Sizes51
Cryptoperiods51
Generating Random Numbers and Keys52
Key Backup52
Key Import53
Key Separation53
Nshield JCA/JCE CSP53
Nshield PKCS #11 Library54
Physical Security56
Nshield Edge Physical Security Controls56
Nshield Solo+ Physical Security Controls56
Nshield solo XC Physical Security Controls57
Nshield Connect Physical Security Controls58
Nshield Card Readers63
Tamper Inspection63
Audit64
HSM and Card Reader Location64
ACS and OCS64
Logs64
Audit Logging65
Audit Logging Time66
Support and Maintenance67
Security Advisories67
Application and Operating System Patching67
Connect Fan Tray Module and PSU Maintenance67
Solo XC Fan and Battery Maintenance68
Maintenance Mode68
Troubleshooting69
Contacting Entrust Nshield Support69
Security Incident and Response70
Security Incident Monitoring70
Security Incident Management70
Security Incident Impact and Response71
Deleting a Security World76
Module Failure77
Tamper Incident77
Decommission and Disposal78
Nshield Connect and Nshield solo78
Appendix A: Abbreviations80
Appendix B: Glossary82

Entrust nShield - Page 55

Table of Contents

Other manuals for Entrust nShield

Related product manuals