beautypg.com

HP FIPS 140-2 User Manual

Page 12

background image

Security Policy, version 1.0

January 31, 2008

HP StorageWorks Secure Key Manager

Page 12 of 26

© 2008 Hewlett-Packard Company

This document may be freely reproduced in its original entirety.

Service

Description

Keys/CSPs

Perform first-time
initialization

Configure the module when it is used for the
first time

Crypto Officer (admin) password
– write;

Kdsa public/private – write;
Krsa private – write;

Krsa private – write;
Log signing RSA key – write;
Log signature verification RSA
key – write;

KRsaPub – write;

KRsaPriv – write.

Upgrade firmware

Upgrade firmware (firmware must be FIPS-
validated)

Firmware upgrade key – read

Configure FIPS mode

Enable/disable FIPS mode

None

Manage keys

Manage all client keys that are stored within
the module. This includes the generation,
storage, export (only public keys), import, and
zeroization of keys.

Client keys – write, read, delete;

PKEK – write, read, delete.

Manage clusters

Manage all clusters that are defined within
the module. This includes the creation,
joining, and removal of a cluster from the
module.

Cluster Member passwords –
write, delete

Manage services

Manage all services supported by the
module. This includes the starting and
stopping of all services.

None

Manage operators

Create, modify, or delete module operators
(Crypto Officers and Users).

Crypto Officer passwords –
write, delete; User passwords –
write, delete

Manage certificates

Create/import/revoke certificates

KRsaPub – write, read, delete;
KRsaPriv – write, read, delete;
CARsaPub – write, read, delete;
CARsaPriv – write, read, delete;

Client RSA public keys – read.

Reset factory settings

Rollback to the default firmware shipped with
the module

All keys/CSPs – delete

Restore default
configuration

Delete the current configuration file and
restores the default configuration settings

None

Restore configuration
file

Restore a previously backed up configuration
file

None

Backup configuration
file

Back up a configuration file

None

Zeroize all keys/CSPs

Zeroize all keys and CSPs in the module

All keys and CSPs – delete

2.4.2 User

Role

The User role is associated with external applications or clients that connect to the KMS via its XML interface.
Users in this role may exercise services—such as key generation and management—based on configured or
predefined permissions. See Table 7 – User Services for details. The keys and CSPs in the rightmost column
correspond to the keys and CSPs introduced in Section 2.7.1.

See also other documents in the category HP Hardware: