nShield 5 Adoption Guide
Introduction
Entrust introduced a new nShield HSM family, called the nShield 5, in 2022. It was released in two form factors: a PCI-e card called the nShield 5s, and a network-attached unit called the nShield 5c. These HSMs are replacements for the nShield Solo XC and nShield Connect XC HSMs, respectively.
nShield 5s received both the FIPS 140-3 Level 3 and Common Criteria certifications. It supports all use cases of previous nShield HSMs and introduces new features.
This guide helps you plan and prepare to add nShield 5 HSMs to your existing Security World environment and transition from the Solo XC and Connect XC family to the nShield 5s and nShield 5c. It provides planning guidance and recommendations, and a collection of use cases, so you can ensure you maintain and meet your compliance objectives.
This guide is for customers with an existing Solo+, Solo XC, Connect+ and/or Connect XC HSM estate who want to adopt the nShield 5 into this environment.
nShield 5 compatibility
The nShield 5 HSM continues to use the same Security World Architecture as previous generations of nShield HSMs, allowing nShield 5 HSMs to work alongside existing HSM estates.
Importantly, this means that Security Worlds created for previous generations of nShield HSMs can be loaded onto the nShield 5 HSM without any need for specific migration activities. This common architecture makes it easy to enroll additional nShield 5 HSMs into the same Security World as other HSMs, or to transition from older HSMs to the nShield 5.
The nShield 5 also shares the same firmware algorithm support and Security World restrictions (i.e. FIPS level 3 mode and cmts mode) as older-generation HSMs. As such, the nShield 5 will continue to support the same algorithms and follow the same restrictions as an older-generation HSM using the same version of firmware and Security World Software.
There are, however, a number of improvements made to the operation of the nShield 5 HSM that this document captures.