nShield Security World v12.81 Security Manual

Introduction

Good security practice requires procedural as well as technical measures to provide a comprehensive security environment for the protection of your cryptographic keys and data.

This guide provides advice to you on the secure operation of the product. It identifies procedural measures that should be deployed to support the secure operation of the nShield. The guidance should be used in the development of your Security Operating Procedures for your systems incorporating the nShield.

Who should read this document?

The guide should be used by the following people:

  • Those responsible for the security policy and procedures for your systems incorporating the nShield

  • Those responsible for commissioning the nShield

  • Those responsible for administering the nShield

  • Those responsible for auditing the nShield.

Products covered by this manual

The guide covers the following product variants:

  • nShield Edge

  • nShield Solo+

  • nShield Solo XC

  • nShield Connect+

  • nShield Connect XC.

In this manual, guidance given for nShield Solo applies to both the Solo+ and Solo XC product variants. Similarly, guidance given for nShield Connect applies to both the Connect+ and Connect XC product variants.

Product security objective

The nShield range of products provide protection against technical and physical attacks on keys used to protect your data in use, in motion and at rest. This provides confidentiality, integrity and availability* of user data up to FIPS 140-2 Level 3 and Common Criteria version 3.1 revision 5 EAL 4+ (platform and version dependent) when deployed in accordance with the technical and procedural controls identified in the User Guide and Security Manual.

*Some availability threats can be mitigated by hosting a Security World across multiple Hardware Security Modules (HSMs).

nshield products

Product selection

As part of the security product selection process, you must determine that the functionality delivered by any candidate product meets your requirements.

In this manual the terms module and HSM are both used to generically describe the nShield range of products.

Security manual authority and scope

The guide is advisory and its scope is limited to identifying good procedural practices for the secure operation of the product within your environment.

If there is any contradiction between the guidance that occurs in this manual and that found in either the Installation guides or User Guides then the guidance found here takes precedence.

The scope of this manual is limited to security procedural guidance. The Installation guides and User Guides documents provide guidance on how to implement the controls discussed in this Manual.

  • nShield Solo, nShield Solo XC and nShield Edge User Guide (specific to the operating environment: Linux and Windows)

  • nShield Connect User Guide (specific to the operating environment: Linux and Windows)

  • CodeSafe Developer Guide

  • nShield Connect Physical Security Checklist

  • nShield Connect XC Installation Guide

  • nShield Edge Installation Guide

  • nShield Connect Installation Guide

  • nShield nToken Installation Guide

  • nShield Solo and nShield Solo XC Installation Guide.