Logging and Reporting

Luna PCIe HSM 7 allows you to track and report all activity on your HSM to encourage responsibility, ensure accountability, and maintain tight security.

Logging can be done at two levels

>the cryptographic module

>the host system that contains the crypto module.

Luna HSMs come equipped with HSM-level (that is, cryptographic module level) audit logging via the Audit HSM role. See HSM-Level Audit Logging.

For Luna PCIe HSM 7 it is your responsibility to manage audit log intensity, disk-space consumption,

HSM-Level Audit Logging

Monitoring HSM activity is essential to maintaining a high level of security for the highly sensitive material on your HSM. Luna HSMs have logging and reporting abilities to support this. These features are implemented in the HSM firmware for maximum security.

Logging

Secure logging is done at the whole HSM level. The HSM stores a record of past operations that is suitable for security audit review. Audit logging, when configured, sends HSM log event records to a remote logging server, with cryptographic safeguards ensuring verifiability, continuity, and reliability of HSM event log files. Log records can also be accumulated to tar files for alternative handling, and to ensure that limited storage inside the cryptographic module is not filled.

Each log entry indicates what event occurred when, and who initiated it. Critical events are logged automatically.

Audit Management

For circumstances that require more comprehensive review of events taking place on the HSM, an HSM-level Audit role (White PED key for multifactor quorum-authenticated HSMs) can be used. Each HSM has a unique Audit role whose purpose is to manage audits and monitor HSM activity.

The Audit role is independent from the other roles on the HSM. Creating the Audit role does not require the presence of the HSM SO and if the Audit role is initialized, the HSM and partition administrators are prevented from working with the log files. Only the Auditor can add failures, successes, key usage, and other events to the HSM logging procedure.

Audit log integrity is ensured against altering log records. Separating logging and its role from other administrative roles protects critical information related to the operations of your HSM.



	SUPPORT	LEGAL
Luna PCIe HSM 7 Documentation © Copyright 2001-2024, Thales Group Last Updated: 2024-06-26 15:04:20 GMT-04:00	Customer Release Notes Customer Support Portal Support Contacts	End User License Agreement Third Party Software Licenses Document Information