To fully declassify a SafeNet Network HSM appliance (remove the unit from service, clear the HSM of all your material, and clear the appliance of all identifying information), assuming that you can power the appliance and gain admin access, follow these steps:
1. Rotate all logs.
   lunash:> syslog rotate
2. Delete all files in the SCP directory.
   lunash:> sysconf cleanup scp
3. Delete all logs.
   lunash:> syslog cleanup
4. Return the appliance to factory-default settings.
   lunash:> sysconf config factoryReset
5. Delete any backups of settings.
   lunash:> sysconf config clear
6. Push the decommission button (small red button, inset in the SafeNet Network HSM back panel).
7. Power down the appliance.
8. Power up the appliance. At this point, the HSM internally issues and executes a zeroize command to erase all partitions and objects. If there are a lot of partitions and/or objects on the HSM, zeroization can take a long time. The KEK is already gone at that point – erased as soon as the button is pressed – so the step of erasing partitions and objects is for customers subject to especially rigid declassification protocols.
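
For decommissioning records, the following is an added example (not part of the original documentation and not SafeNet tooling): a Python check that reads a captured admin session transcript and reports whether the lunash commands for steps 1-5 were all entered, in the order listed. It assumes the session was logged as text with the `lunash:>` prompt visible and that trailing options after a command are acceptable; the function names and the sample transcript are constructed for illustration.

```python
import re

# Steps 1-5 of the procedure above, in page order. Steps 6-8 (decommission
# button, power cycle) are physical and leave no trace in a lunash transcript.
REQUIRED = ["syslog rotate", "sysconf cleanup scp", "syslog cleanup",
            "sysconf config factoryReset", "sysconf config clear"]
PROMPT = re.compile(r"lunash:>\s*(\S.*?)\s*$")

def typed_commands(transcript):
    """Commands entered at a lunash:> prompt, with whitespace normalised."""
    found = []
    for line in transcript.splitlines():
        m = PROMPT.search(line)
        if m:  # bare prompts with nothing typed do not match
            found.append(" ".join(m.group(1).split()))
    return found

def _matches(typed, required):
    # Assumption: compare case-insensitively and tolerate trailing options.
    t, r = typed.casefold(), required.casefold()
    return t == r or t.startswith(r + " ")

def check_transcript(transcript):
    """Return findings; an empty list means steps 1-5 all appear, in order."""
    cmds = typed_commands(transcript)
    findings, cursor = [], 0
    for step, required in enumerate(REQUIRED, start=1):
        hits = [i for i, c in enumerate(cmds) if _matches(c, required)]
        later = [i for i in hits if i >= cursor]
        if later:
            cursor = later[0] + 1          # next step must come after this one
        elif hits:
            findings.append(f"step {step} out of order: {required}")
        else:
            findings.append(f"step {step} missing: {required}")
    return findings

# Constructed sample session (not real appliance output): step 5 was skipped.
SAMPLE = """\
lunash:> syslog rotate
lunash:> sysconf cleanup scp
lunash:> syslog cleanup
lunash:> sysconf config factoryReset
"""

if __name__ == "__main__":
    print(check_transcript(SAMPLE) or "steps 1-5 present and in order")
```

An empty result covers only the typed commands; the button press and power cycle in steps 6-8 still need to be witnessed and recorded separately.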