HSM Roles
The security of an HSM and its cryptographic contents depends on well-controlled access to that HSM. A controlled access policy is defined by:
>the set of users with valid login credentials for
>the actions each user is allowed to perform when logged in (the user's role)
For example, an access policy that adheres to the PKCS#11 standard requires two roles: the security officer (SO), who administers the user account(s), and the standard user, who performs cryptographic operations. When a user logs in to the HSM, they can perform only those functions that are permitted for their role.
Luna PCIe HSM divides roles on the HSM according to an enhanced version of the PKCS#11 standard. Configuration, administration, and auditing of the HSM itself is the responsibility of the roles described below. Cryptographic functions take place on the application partition, which has a different set of independent roles (see Partition Roles).
Personnel holding the HSM roles described below access HSM functions by logging in to the Admin partition on the HSM using LunaCM. They must therefore have the appropriate Administrator access to the workstation hosting the Luna PCIe HSM.
The HSM-level roles are as follows:
HSM Security Officer (SO)
The HSM SO handles all administrative and configuration tasks on the HSM, including:
>Initializing the HSM and setting the SO credential (see Initializing the HSM)
>Setting and changing global HSM policies (see HSM Capabilities and Policies)
>Creating/deleting the application partition (see Creating or Deleting an Application Partition)
>Updating the HSM firmware (see Updating the Luna Backup HSM (G5) Firmware)
Managing the HSM Security Officer Role
Refer also to the following procedures to manage the HSM SO role:
>Logging In as HSM Security Officer
Auditor (AU)
The Auditor is responsible for managing HSM audit logging. These responsibilities have been separated from the other roles on the HSM and application partition so that the Auditor can provide independent oversight of all HSM processes, and no other user, including the HSM SO, can clear those logs. The Auditor's tasks include:
>Initializing the Auditor role
>Setting up audit logging on the HSM
>Configuring the maximum size of audit log files and the time interval for log rotation
>Archiving the audit logs
Managing the Auditor Role
Refer to Configuring and Using Audit Logging for procedures involving the Auditor role. See also:
Administrator (AD)
The HSM Administrator is a deprecated role on the Admin partition whose functions are now served by the application partition roles (see Partition Roles). Initializing this role is not recommended.