12. Decommission and Disposal
12.1. nShield Connect and nShield Solo
When an HSM reaches the end of its operational life it should be securely
decommissioned and disposed of.
1.
The Security Procedures in the Customer’s Security Policy should describe the
decommissioning process. To decommission the HSM, all secret information that is
used to protect your Security World should be erased. See the Erasing a module
from a Security World section in the User Guide for details of the HSM factory reset
procedure. If the Customer’s Security Procedures have specific requirements
concerning the erasing of application key material, these procedures should be
performed before the factory reset is performed.
An HSM factory reset will erase all application key material.
2.
If no further operational requirements exist for the HSM, Customer Security
Procedures should describe the disposal process. The Customer Security Procedures
concerning the transportation of the unit should be adhered to.
3.
The customer may have a secure destruction policy for decommissioned assets. As
long as all secret information that is used to protect your Security World has been
erased there is no requirement to securely destroy the HSM as it has been returned
to its factory state.
4.
However if the HSM has malfunctioned in a way that it is not possible to determine
whether secret information used to protect the Security World has been erased, that
is, the possibility exists that secret information may still present in the HSM, then the
customer must refer to their Security Procedures to determine if the HSM should be
destroyed. One option here is to use a data destruction service offered by private
companies who can destroy the equipment in accordance with approved standards
and provide a certificate of data destruction. Customer Security Procedures should
describe the destruction process that ensures that all HSM components that contains
secrets are completely destroyed.
5.
Entrust will accept the return of decommissioned HSMs for secure destruction.
12.1.1. Recycling and disposal information
For recycling and disposal guidance, see the nShield product’s Warnings and Cautions
documentation.
nShield® Security Manual 78 of 90
To Next Page
Loading...
Need help?
General
