Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Free Registration
- Explore Thales Docs

Accounts
Services
Technical Resources
DPoD APIs

All

All

payShield Cloud HSM Service

Service Specifications

Services
Luna Cloud HSM Services
Luna Cloud HSM Service Integrations
CipherTrust Key Management Services
- Key Broker for Salesforce
  - Adding a Key Broker for Salesforce Service
  - Managing a Key Broker for Salesforce Service
  - Setting a Rotation Policy
  - Migrating Key Broker for Salesforce to CipherTrust Data Security Platform as a Service
- Key Broker for Google Cloud EKM
  - Service Guide
  - Key Setup Guide
  - Key Use Guide
  - Frequently Asked Questions
  - Migrating Key Broker for Google Cloud EKM to CipherTrust Data Security Platform as a Service
- CipherTrust Data Security Platform as a Service
payShield Cloud Services
- payShield Cloud HSM Service
  - Service Overview
  - Prerequisites
  - Getting Started
    - payShield Cloud HSM Configuration/Subscription Options
    - How to Subscribe to the payShield Cloud HSM Service
  - Service Specifications
  - Connecting to the payShield Cloud HSM Service
    - Azure Connection Guide
    - GCP Connection Guide
    - AWS Connectiontion Guide
  - Service Provisioning from DPoD Platform
    - Trial Tier Provisioning
    - Production Tier Provisioning
    - View Sevice Status
  - HSM Management using payShield Manager
    - Preparing for HSM Commission
    - Steps to Commission payShield Manager
    - Adding Another HSM to the Security Domain
    - Transitioning between HSM States via payShield Manager
    - Viewing Network Interfaces in payShield Manager
  - HSM Deprovisioning
  - APPENDIX A - Glossary
  - APPENDIX B - DPoD Errors
- Point-to-Point Encryption
  - Adding a Point-to-Point Encryption Service
  - Using the service
  - P2PE CLI
    - p2pe key
    - p2pe service
    - p2pe tls
  - P2PE REST API
  - P2PE errors
  - Service Details
  - Frequently Asked Questions
Partner Services

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

DPoD Documentation
Services
payShield Cloud Services
payShield Cloud HSM Service
Service Specifications

Service Specifications

The payShield Cloud HSM service has the following specifications:

Security Certifications

The data centers used to host the HSMs are PCI DSS certified. Also, the HSMs are PCI HSM v3 and FIPS certified, and the service data centers are compliant with PCI PIN Security audit requirements.

Thales Responsibility

Thales controls the following aspects of the service:

Allocation of HSMs to eligible customers of the service.
Managing the physical HSM infrastructure (including installation of HSMs in data centers, and basic network configuration including cabling/connections to switches and routers).
Obtaining ongoing FIPS, PCI HSM, and other regional certifications for the HSMs offered as a part of a subscription package.
Enhancing the cryptographic functionality offered by the HSMs in line with payment market application and security requirements.
Providing 24x7 support to service users for matters relating to HSM functionality or operation.
Performing periodic diagnostic checks.
Replacing any faulty HSMs ensuring minimum possible downtime.

Your Responsibility

You (as the service user) are responsible for all the areas of management and operation of the HSMs under your subscription agreements namely:

HSM security configuration and master key management (LMK, ZMK, KEK, etc.)
Remote HSM management via payShield Manager
Loading of base/custom software and associated licenses
Audit trail management
Ensure sufficient subscriptions to meet backup, load balancing, disaster recovery, and redundancy needs
HSM monitoring
Overall payment system audit compliance for your payment applications

Message Protection Mechanism

payShield HSM supports both TLS and Non-TLS host connections. It is highly recommended to use TLS for communication between the payment application and the payShield Cloud HSM.

HSM Options

The service currently supports the standard payShield 10K HSM that is identical to the on-prem device.

Customization Options

The software customization service fulfilled by the Thales Professional Services team is available for use with any HSM used in a payShield Cloud subscription.

On this page

DPoD Documentation

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Services
Support
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com