Figure A.1 below shows an HSM, printer & console in a “secure area with limited access”.
Figure A.1 - HSM in a Secure Area
Recommendations for the HSM secure area are as follows:
1. The HSM, console and printer (if attached) must be located in a physically secure area with limited, controlled access.
2. Access must be restricted to authorised individuals only.
3. Access to this area must only be provided when necessary.
4. Access to this area must be subject to audit control.
5. Access must never be granted to a single individual - at least two officers must be present if access is required.
6. The HSM secure area should be protected against electromagnetic emanation if this is deemed to be a threat.
7. HSM peripherals (e.g. printer) must only be attached when required.