Capabilities and Policies
The SafeNet Luna Network HSM's configuration is based on HSM capabilities, displayed
A subset of HSM capabilities have corresponding HSM policies that allow you to customize the HSM configuration. Policies can be modified based on your specific needs. For example, you can restrict the HSM to use only FIPS-approved algorithms (FIPS mode) by setting HSM policy 12 to 1 (on).
Partitions inherit the capabilities and policy settings of the HSM. Partitions also have policies that can be set to customize the partition functions. Partition policies can never be modified to be less secure than the corresponding HSM capability/policy. For example, if HSM policy 7 is set to disallow cloning, partition policies 0 and 4, which allow cloning of private or secret keys, cannot be set to 1 (on).
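The inheritance rule above can be modelled as a pre-flight check on a set of proposed partition policies. This is an added example, not Thales code or the Luna policy template format: the dictionary layout and function names are assumptions, and the dependency table holds only the one relationship stated on this page (HSM policy 7 governs partition policies 0 and 4).

```python
# Added example: pre-flight check of proposed partition policy values against
# the HSM policies they inherit from. Policy numbers are from the page; the
# data layout and function names are hypothetical.

# Partition policy -> HSM policy that must be on (1) before it can be on.
# Only the dependency described on the page is listed here.
PARTITION_REQUIRES_HSM = {
    0: 7,  # partition policy 0 (allows key cloning) depends on HSM policy 7
    4: 7,  # partition policy 4 (allows key cloning) depends on HSM policy 7
}


def check_partition_policies(hsm_policies, proposed):
    """Return (partition_policy, hsm_policy) pairs the HSM would refuse."""
    violations = []
    for part_id, value in sorted(proposed.items()):
        hsm_id = PARTITION_REQUIRES_HSM.get(part_id)
        if hsm_id is None or value == 0:
            continue  # no listed dependency, or already the restrictive value
        # Assumption: an HSM policy missing from the input is treated as off,
        # so the check fails closed.
        if hsm_policies.get(hsm_id, 0) == 0:
            violations.append((part_id, hsm_id))
    return violations


def report(hsm_policies, proposed):
    """Human-readable lines for each setting that is less secure than the HSM."""
    return [
        f"partition policy {p} cannot be 1 while HSM policy {h} is 0"
        for p, h in check_partition_policies(hsm_policies, proposed)
    ]


if __name__ == "__main__":
    # Constructed sample: FIPS mode on (policy 12), cloning disallowed (policy 7).
    hsm = {7: 0, 12: 1}
    wanted = {0: 1, 4: 1}
    for line in report(hsm, wanted):
        print(line)
```
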
The following sections describe individual HSM/partition capabilities and policies:
>HSM Capabilities and Policies
>Partition Capabilities and Policies
The HSM or Partition SO can create and apply Policy Templates to initialize multiple HSMs/partitions with the same preferred policy settings. See the following section for instructions on using Policy Templates: