Security Policy, version 1.0
January 31, 2008
HP StorageWorks Secure Key Manager
Page
2
of 26
© 2008 Hewlett-Packard Company
This document may be freely reproduced in its original entirety.
Table of Contents
1
INTRODUCTION ...............................................................................................................................................5
1.1
P
URPOSE
.........................................................................................................................................................5
1.2
R
EFERENCES
...................................................................................................................................................5
2
HP STORAGEWORKS SECURE KEY MANAGER .....................................................................................6
2.1
O
VERVIEW
......................................................................................................................................................6
2.2
C
RYPTOGRAPHIC
M
ODULE
S
PECIFICATION
....................................................................................................6
2.3
M
ODULE
I
NTERFACES
....................................................................................................................................8
2.4
R
OLES
,
S
ERVICES
,
AND
A
UTHENTICATION
...................................................................................................11
2.4.1
Crypto Officer Role..............................................................................................................................11
2.4.2
User Role .............................................................................................................................................12
2.4.3
HP User Role.......................................................................................................................................13
2.4.4
Cluster Member Role ...........................................................................................................................14
2.4.5
Authentication......................................................................................................................................14
2.4.6
Unauthenticated Services ....................................................................................................................15
2.5
P
HYSICAL
S
ECURITY
....................................................................................................................................15
2.6
O
PERATIONAL
E
NVIRONMENT
......................................................................................................................15
2.7
C
RYPTOGRAPHIC
K
EY
M
ANAGEMENT
..........................................................................................................15
2.7.1
Keys and CSPs.....................................................................................................................................15
2.7.2
Key Generation ....................................................................................................................................19
2.7.3
Key/CSP Zeroization............................................................................................................................19
2.8
S
ELF
-T
ESTS
..................................................................................................................................................19
2.9
M
ITIGATION OF
O
THER
A
TTACKS
.................................................................................................................20
3
SECURE OPERATION ....................................................................................................................................21
3.1
I
NITIAL
S
ETUP
..............................................................................................................................................21
3.2
I
NITIALIZATION AND
C
ONFIGURATION
.........................................................................................................21
3.2.1
First-Time Initialization.......................................................................................................................21
3.2.2
FIPS Mode Configuration ...................................................................................................................21
3.3
P
HYSICAL
S
ECURITY
A
SSURANCE
................................................................................................................22
3.4
K
EY AND
CSP
Z
EROIZATION
........................................................................................................................24
3.5
E
RROR
S
TATE
...............................................................................................................................................24
ACRONYMS..............................................................................................................................................................25
