Security Recommendations - Introduction

This appendix is provided as guidance for the development of security policies and practices for HSM implementation and operation. The procedures it describes are required for secure operation: an HSM can only provide the intended protection if its operating environment is itself secured by appropriate procedures. These procedures describe the physical and procedural countermeasures that the user must provide within the HSM's operating environment; they do not include any functionality provided by the product itself.

This appendix is not intended to provide a complete and definitive list of requirements for HSM usage. It should be read in conjunction with the security audit requirements and mandates of organisations such as:

·         Card schemes

·         Central banks

·         Other authorities relevant to the specific application and environment in which the HSM is to be used.

The procedures defined in this appendix use the terms:

·         "must", where a procedure must be in place for secure operation to be possible

·         "should", where a procedure constitutes general good practice that assists in providing a secure environment for the HSM to operate within

Procedural Security

An HSM can only operate securely if its environment provides the procedural security that it requires and if its security enforcing functions are utilised appropriately.

Recommendations for procedural security are as follows:

1.        The product environment must be audited regularly to ensure that the appropriate set of procedures (satisfying the requirements laid down in this appendix) is in place and is being used.

2.        A mechanism must be in place to enable corrective action to be taken if any procedure is not being observed or is failing.

3.        The auditor must be independent of the operator of the product.