HSM for Dummies
Standards and Norms
All these issues and requirements, in the physical protection area in particular,
are detailed in ISO 19790 from 2012. This standard contains the definition of the
‘cryptographic module’ device. It gives a very good definition of the different
security levels and their objectives, and a detailed description of the requirements
for hardware protection and software measures. It also provides a comprehensive
requirement analysis of the permissions-and-roles model of an HSM.
The second HSM standard we’d like to introduce to you is ISO 24759. This is the
test requirement for cryptographic modules corresponding to standard ISO
19790.
Conclusion
You’ve seen in this section which design principles, security requirements
and physical protection measures are deployed for HSMs. We’ve also briefly
introduced the current standards for HSMs. These fundamental definitions
also appear in the different certification schemes, such as FIPS and Common
Criteria. Please head to Section 4 for more information.