control the users who can access the Security World and, for example, write data to the
host.
Your security policy (in response to a threat analysis) will determine the level of
protection required for your application keys.
5.2. Security World access control guidance
5.2.1. Administrator Card Set (ACS) protection
There is always only one ACS in a Security World. When creating a Security World you
can configure the following options:
• Whether to enable key recovery
If you disable the key recovery option, you cannot replace lost or damaged OCSs
and, therefore, cannot access keys that are protected by such cards. This feature
cannot be enabled later without reinitializing your Security World and discarding all
your existing keys.
• The number of administrator cards required to authorize key recovery
• Whether to enable pass phrase recovery
• The number of administrator cards required to authorize pass phrase recovery
• The number of administrator cards required to load this Security World onto a new
HSM.
• The number of administrator cards required for various features.
• Whether to disable certain features
• Whether to specify a pass phrase for a card
Your threat analysis should determine which features and options are enabled and the
ACS quorums required to authorize those features. It is recommended that the quorum
for the ACS is larger than the quorum required to activate any feature. This will ensure
that the ACS quorum is only ever used when legitimately required. Additionally, the
quorum size for the key and pass phrase recovery features should be greater than 1 but less
than the ACS quorum, as these features can authorize access to OCS/Softcard-protected
keys, and this quorum size protects against a single malicious administrator card holder.
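The quorum guidance above can be checked mechanically before a Security World is created. The following is an added example, not code from the manual or from nShield tooling; the `AcsPlan` fields and the feature labels (`key_recovery`, `passphrase_recovery`, `load_world`) are hypothetical names chosen for illustration, and the sample plans are constructed.

```python
from dataclasses import dataclass, field

# Hypothetical labels for the two recovery features named in the guidance.
RECOVERY_FEATURES = {"key_recovery", "passphrase_recovery"}


@dataclass
class AcsPlan:
    total_cards: int          # N: number of cards in the ACS
    acs_quorum: int           # K: cards needed for full ACS authorization
    feature_quorums: dict = field(default_factory=dict)  # feature -> cards required
    key_recovery_enabled: bool = True


def check_plan(plan: AcsPlan) -> list:
    """Return findings against the guidance; an empty list means none."""
    findings = []
    if not 1 <= plan.acs_quorum <= plan.total_cards:
        findings.append("acs: quorum must be between 1 and the number of cards")
    for name, q in sorted(plan.feature_quorums.items()):
        if not 1 <= q <= plan.total_cards:
            findings.append(f"{name}: quorum {q} is outside 1..{plan.total_cards}")
            continue
        # Every feature quorum should be smaller than the ACS quorum, so the
        # full ACS quorum is only assembled when legitimately required.
        if q >= plan.acs_quorum:
            findings.append(
                f"{name}: quorum {q} is not below the ACS quorum {plan.acs_quorum}")
        # Recovery features can authorize access to OCS/Softcard-protected
        # keys, so one card holder must never be able to act alone.
        if name in RECOVERY_FEATURES and q <= 1:
            findings.append(f"{name}: quorum {q} lets a single card holder act alone")
    if not plan.key_recovery_enabled:
        findings.append("note: key recovery disabled, lost or damaged OCSs "
                        "cannot be replaced and this cannot be enabled later")
    return findings


if __name__ == "__main__":
    # Constructed sample plans.
    weak = AcsPlan(5, 3, {"key_recovery": 1, "passphrase_recovery": 3, "load_world": 2})
    good = AcsPlan(5, 4, {"key_recovery": 2, "passphrase_recovery": 2, "load_world": 3})
    for label, plan in (("weak", weak), ("good", good)):
        print(label, check_plan(plan) or "follows the guidance")
```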
5.2.1.1. NSO-timeout guidance
When creating a new Security World, for example using the new-world utility, one of the
parameters that can be explicitly specified is the NSO-timeout. The NSO-timeout is the
maximum time that can elapse between ACS quorum authorization, and reauthorization
being required. This is only normally relevant when the last administrator card of the

nShield® Security Manual