12.1.2. Security World
If the Security World resident on the decommissioned HSM is no longer required, then the
ACS and OCS should be erased.
• The ACS can only be erased by a different Security World, for example a replacement
  Security World. You can, and should, reuse the smart cards from a deleted Security
  World's ACS. If you do not reuse or destroy these cards, then an attacker with these
  smart cards, a copy of your data (for example, a weekly backup) and access to any
  nShield HSM can access your old keys.
• The OCS can only be erased on the Security World that it was created for. Therefore,
  ensure that the OCS is erased as a final step before the HSM is decommissioned. The
  cards can then be used for a new Security World.
• Once the steps outlined above have been completed, any keys that exist in backup data
  are no longer usable.
If a new Security World is not required, uninstall the Security World software. However,
we recommend that you do not uninstall the Security World software unless you are
either certain it is no longer required, or you intend to upgrade it.
nShield® Security Manual 79 of 90