Smartcard Security

Smartcards are used for storing three distinct types of sensitive information:

· LMK components

· Authorising officer credentials

· HSM alarm, security and host settings

Security precautions for the cards are as follows:

1. All Smartcards containing sensitive information must be stored securely.

2. Smartcards required to put the unit into Authorised State must be stored separately.

3. Access to Smartcards must be restricted to authorised personnel, and only when necessary.

4. It must not be possible for any one authorised individual to gain access to more than one Smartcard.

5. Use of Smartcards must be subject to audit control.

6. If a previously authorised individual becomes unauthorised, measures must be taken to ensure that the individual no longer has access to the Smartcard.

7. If a Smartcard is compromised, it must be invalidated and a replacement issued.

8. Copies of the Smartcards should be kept separately, off-site. These copies must be subject to the same access controls as the original Smartcards.

9. The original cards and the copies should be periodically checked to ensure that they have not been corrupted.