Recovery Action
Revoke application keys protected by OCS.
If unable to revoke keys, isolate the HSM so that no system can use it. Erase blobs associated
with the application keys protected by the OCS in kmdata/rfs/backups to prevent an attacker
trying to use keys with the stolen OCS.
Create replacement application keys under new OCS.
If the OCS cards are subsequently recovered they should either be erased or destroyed.
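One way to check that the erase step above left no copies behind, as an added example that is not part of the manual or of the nShield tooling: it walks the kmdata, RFS and backup locations, including tar archives, and lists every surviving copy of the affected blob files. The directory layout, the file names and the idea that the operator supplies the list of affected blob file names are assumptions made for illustration.

```python
import os
import tarfile
import tempfile

def find_residual_blobs(roots, affected):
    """Return sorted locations of files (or tar members) whose basename is in `affected`."""
    affected = set(affected)
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if name in affected:
                    hits.append(path)
                elif tarfile.is_tarfile(path):
                    # Backups are often archives: look inside rather than trusting the name.
                    with tarfile.open(path) as tar:
                        for member in tar.getmembers():
                            if member.isfile() and os.path.basename(member.name) in affected:
                                hits.append(f"{path}!{member.name}")
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample layout: a kmdata directory, an RFS copy and a tar backup."""
    blob = "key_simple_payments-signing"   # constructed (hypothetical) blob file name
    other = "key_simple_unaffected"        # constructed, protected by a different OCS
    for sub in ("kmdata/local", "rfs/kmdata/local", "backups"):
        os.makedirs(os.path.join(base, sub))
    for sub in ("kmdata/local", "rfs/kmdata/local"):
        for name in (blob, other):
            with open(os.path.join(base, sub, name), "wb") as fh:
                fh.write(b"constructed placeholder, not a real key blob")
    with tarfile.open(os.path.join(base, "backups", "kmdata-backup.tar"), "w") as tar:
        tar.add(os.path.join(base, "kmdata/local", blob), arcname="kmdata/local/" + blob)
    return blob

def demo():
    """Erase only the primary copy, then show what the check still finds."""
    with tempfile.TemporaryDirectory() as base:
        blob = build_sample_tree(base)
        roots = [os.path.join(base, d) for d in ("kmdata", "rfs", "backups")]
        before = find_residual_blobs(roots, [blob])
        os.remove(os.path.join(base, "kmdata/local", blob))
        after = find_residual_blobs(roots, [blob])
        return ([os.path.relpath(p, base) for p in before],
                [os.path.relpath(p, base) for p in after])

if __name__ == "__main__":
    before, after = demo()
    print("copies found:", *before, sep="\n  ")
    print("still present after erasing only kmdata:", *after, sep="\n  ")
```

An empty result from `find_residual_blobs` over every location that ever held the Security World data is the condition to record before closing the recovery action.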
11.3.5. Compromised Key or Secret: A quorum of ACS cards is compromised
Compromise Type
Lost or stolen
Impact
The Security World protected by the ACS is under the control of the attacker
Recovery Action
Revoke all Module-protected/module pool-protected application keys, as these are
available to an attacker with a KMData archive, an HSM and the compromised ACS.
Re-initialize the HSM to a different Security World with a new ACS.
Alternatively, to mitigate the present threat, the HSM can be put into pre-initialization
mode whilst business recovery procedures are implemented prior to creating a new
Security World.
The original Security World must not be used. Destroy the world file and any backups to
prevent an attacker recovering the Security World with the ACS, world file and backups.
If the ACS cards are subsequently recovered they should be either erased or destroyed.
Create replacement application keys.
11.3.6. Compromised Key or Secret: Soft KNETI
Compromise Type
Attacker has subverted client memory
Impact
KNETI is compromised and must not be used
nShield® Security Manual
73 of 90