The HSM 8000 (Host Security Module) series of equipment provides cryptographic functions to support network and point-to-point data security, therefore it is imperative that the HSM itself is secure. The HSM is made physically secure by locks, electronic switches and tamper-detection circuits, and must be located in a secure area with controlled access. See Security Recommendations.
HSM software security is provided by a combination of security features including:
· Two front-panel locks with separate keys.
· Personalised Smartcards issued to several Security Officers.
· Personal Identification Numbers (PINs) issued to Security Officers.
· A Secure mode which requires the presence of two officers holding separate physical keys to the front panel locks.
· An Authorised mode, requiring the presence of two Authorising Officers with encrypted Smartcards and (optionally) PINs.
· A configurable alarm system.
· Configurable security parameters.
· Error and Audit logs.
Security commands, and operations involving plain text data, are entered by the user via the associated HSM Console.