2
Data sheet | HP Atalla Secure Configuration
Assistant-3
Security and regulatory requirements dictate that at least two trusted individuals
participate in all key entry operations and approve all security-related changes. All too
often, this requirement results in carefully trained users standing in the data center, typing
in cryptographic key components, and navigating elaborate, non-intuitive menu trees in
an attempt to configure the HSM correctly. With more data centers moving to lights-out
operation and strict control of physical access to the data center, such a manual and
error-prone approach is unacceptable to most HP customers.
The HP Atalla Secure Configuration Assistant-3 (SCA-3) is a versatile tablet-based tool that
implements the well-regarded SCA-2 on an easy-to-read tablet platform. The SCA-3 still
enables security administrators to easily configure commands, define parameters, calculate
cryptograms, and inject cryptographic keys into HP Atalla Network Security Processors
(NSPs) in a trusted manner. Now, an easy-to-use GUI with natural event and decision flow
is even more convenient to navigate on wider tablet screens thereby improving security
administrator user experience and productivity.
The Atalla SCA-3 can be directly or remotely connected to an Atalla NSP. Atalla SCA-3 security
administrator smart cards perform individual user authentication and support multiple
controls for Atalla NSP configuration. Atalla SCA-3 shareholder cards provide “L of M” quorum
control for quickly replicating and restoring Atalla NSP configurations on new or restored
NSP hardware.
Features and benefits
Features at a glance:
• Tablet-based GUI saves time, enhances understanding, and facilitates entry accuracy.
• SCA-3 is fully backward compatible with SCA-2 based smart cards, as well as
older Atalla Ax150 and Ax160 NSP devices.
• Custom Atalla SCA-3 smart cards support identity-based authentication, encrypted
communication, and protected cryptographic key component storage.
• Atalla SCA-3 shareholder cards provide “L of M” quorum control for quick replication of
configurations on both local and remote Atalla NSPs.
• Intuitive GUI interface enables security administrators to configure an Atalla NSP with
minimal training.
The Atalla SCA-3 is based on a security-enhanced tablet, presenting an easy-to-use GUI
that saves time and reduces risk of data entry errors. The Federal Information Processing
Standard (FIPS) 140-2 level 3 evaluated Atalla SCA-3 smart card performs all cryptographic
functions and stores security-relevant data (for example, key components) to provide
customer data security.
Physical and logical security
The Atalla SCA-3 is manufactured with tamper-evident seals. Logical security features
include digital code signing to prevent unauthorized software execution. The custom
Atalla SCA-3 smart card has been certified to FIPS 140-2 level 3 requirements. Together,
the Atalla NSP and Atalla SCA-3 are leaders in meeting industry needs for end-to-end
protected key initialization.
Smart cards
Atalla SCA-3 smart cards are personalized to individual cardholders, such as security
administrators, IT managers, or executives. An organization defines its own security policy
by setting the minimum number of cardholders required to approve each type of security
action. Atalla SCA-3 uses public key cryptography to establish an encrypted channel with
the Atalla NSP. All subsequent communication between these devices is symmetrically
encrypted. Security associations are formed between the SCA-3 smart cards and the
Atalla NSP products they configure and manage.
