HSM Roles
The security of an HSM and its cryptographic contents depends on well-controlled access to that HSM. A controlled access policy is defined by:
>the set of users with valid login credentials for
>the actions each user is allowed to perform when logged in (the user's role)
For example, an access policy that adheres to the PKCS#11 standard requires two roles: the security officer (SO), who administers the user account(s), and the standard user, who performs cryptographic operations. When a user logs in to the HSM, they can perform only those functions that are permitted for their role.
Luna Network HSM 7 divides roles on the HSM according to an enhanced version of the PKCS#11 standard. Configuration, administration, and auditing of the HSM itself is the responsibility of the roles described below. Cryptographic functions take place on the application partition, which has a different set of independent roles (see Partition Roles).
Personnel holding HSM-level roles access the HSM by logging in to LunaSH via SSH or a serial connection. They must therefore have the appropriate appliance user access for their respective HSM role, to ensure that they can access all LunaSH commands necessary to perform HSM administration tasks.
The HSM-level roles are as follows:
HSM Security Officer (SO)
The HSM SO handles all administrative and configuration tasks on the HSM, including:
>Initializing the HSM and setting the SO credential (see Initializing the HSM)
>Setting and changing global HSM policies (see HSM Capabilities and Policies)
>Creating/deleting the application partition (see Creating or Deleting an Application Partition)
>Updating the HSM firmware (see Updating the Luna HSM Firmware)
The HSM SO must have admin-level user access to the Luna Network HSM 7 appliance (see Appliance Users and Roles).
Managing the HSM Security Officer Role
Refer also to the following procedures to manage the HSM SO role:
>Logging In as HSM Security Officer
>Changing the HSM SO Credential
Auditor (AU)
The Auditor is responsible for managing HSM audit logging. These responsibilities have been separated from the other roles on the HSM and application partition so that the Auditor can provide independent oversight of all HSM processes, and no other user, including the HSM SO, can clear those logs. The Auditor's tasks include:
>Initializing the Auditor role
>Setting up audit logging on the HSM
>Configuring the maximum size of audit log files and the time interval for log rotation
>Archiving the audit logs
The Auditor must have access to the audit account on the Luna Network HSM 7 appliance (see Appliance Users and Roles).
Managing the Auditor Role
Refer to Configuring and Using Audit Logging for procedures involving the Auditor role. See also:
