Below are some suggested holders of PED Keys by role. PED keys enforce division of operational roles and prevent unilateral action by key holders.

| Lifecycle | PED Key [Note 1] | Operational Role | Function | Custodian |
|---|---|---|---|---|
| HSM Admin | | Security Officer | Manages provisioning activities and global security policies for the HSM: | CSO |
| | | Domain Cloning | Cryptographically defines the set of HSMs or partitions that can participate in cloning for the purposes of backup and high-availability. | Domain Administrator WAN Administrator |
| | | Secure Recovery | Restores an HSM after a Secure Transport or tamper event | CSO |
| | | Remote PED | Establish a Remote PED connection | System Administrator |
| Application Partition Admin | | Security Officer | Manages provisioning activities and global security policies for the partition: | |
| Daily | | Crypto Officer | This is the full user role associated with a partition. This role can perform both cryptographic services and key management functions on keys within the partition. | System |
| | | Crypto User | This is a restricted user role on a partition. This role can perform cryptographic services using keys already existing within the partition, only. (See Note 2, below.) | System |
| Ongoing Auditing | | Audit User | An independent role responsible for audit log management. This role has no access to other HSM services. | Auditor |

[Note 1: This table implies a single PED Key for each HSM role or functional secret. For any role or PED Key secret, you can elect to invoke the MofN split-knowledge shared secret option, to spread the responsibility for that role or function over multiple persons. That is, you can require that a predetermined number of responsible persons, greater than one, must be present to unlock/access the particular HSM role or function. Choose MofN for a role or function when it is important that no single person have unsupervised access. See "About MofN" and "Using MofN".]

[Note 2: Functionally, the Crypto User (gray) PED Key is just another "black PED Key". The PED does not distinguish gray from black. The gray label is provided only for your convenience, so that CO and CU PED Keys are easy to visually identify and manage. You could, if you prefer, just use two different black-labeled PED Keys, one for Crypto Officer, and one for Crypto User. The PED message prompts only for "black" PED Keys - it is up to you to recognize which one is being requested, from the current context; the gray label is meant to make that distinction convenient.]