Edit an existing Security World

The edit-world utility allows you to edit properties of Security Worlds.

The following parameters are editable by the edit-world utility:

Parameter	Input	Description
StrictSP80056Ar3	0 or 1	Disable (0) or Enable (1) SP800-56Ar3 compliance. This parameter is only settable on a FIPS-140 Level 3 world.

Parameter

Input

Description

StrictSP80056Ar3

0 or 1

Disable (0) or Enable (1) SP800-56Ar3 compliance. This parameter is only settable on a FIPS-140 Level 3 world.

edit-world
StrictSP80056Ar3=0|1  Enforce strict SP800-56Ar3 compliance

A parameter can be enabled by setting it to 1.

Editing parameters of Security Worlds will prompt for Administrator Card Set authorization.
This changes the world file, affecting all future world loads, but does not affect the current HSM configuration. So the world must be reloaded on all HSMs in order to complete the change.
A backup copy of the world file is saved if any changes are made.
If nothing changes (e.g. because the world is already in the required configuration) then the world file is not updated and ACS authorization is not required.

edit-world StrictSP80056Ar3=1

Load Administrator Card Set to authorize world editing:
 Module 1 slot 0: empty
Card reading complete.

Saving backup to /opt/nfast/kmdata/local/world.bak
Updating /opt/nfast/kmdata/local/world
WARNING: changes will only take effect when world is re-loaded.

Likewise a parameter can be disabled by setting it to 0.