
HSM_for_Dummies

The Common Criteria are made up of three parts:

- Introduction and general model
- Functional requirements
- Assurance requirements

If you’re searching for protection profiles for an HSM, you’ll find protection profiles for so-called security modules. Caution is called for here, because these are only security modules in smartcard format. The only protection profile that’s currently evaluated and published is provided by the German Federal Office for Information Security (BSI) with the number BSI-CC-PP-0045: Cryptographic Modules, Security Level ‘Enhanced’.

What Does Certification Mean for My Project?

Misconceptions with regard to certification in particular still abound. The requirements of certifications with regard to functionality frequently mean the functions of HSMs are restricted. The consequence of this is that many manufacturers have introduced the ‘FIPS Mode’. Auditors often expect conformance to certifications, and so the operators run devices in ‘FIPS Mode’. Sometimes the functional scope of an HSM is restricted so much by the certified version that deployment within the relevant application isn’t possible. Customers looking for HSMs need to clarify prior to product selection what exactly they require.

