Re: [ksk-change] FIPS-140 levels
Hi Tomofumi, At 15:37 06-10-2014, Tomofumi Okubo wrote:
Yes, that's right but that is if the other security controls successfully detects the compromise. The mechanism on the HSM will be the last line of defense if the other security controls fail for some reason. This is why in the ICANN definition, HSM is labelled as Tier 7.
The HSM is currently at Tier 6. If I recall correctly I commented about that previously. I suggested a change a few months ago. I am waiting for feedback about the suggestion. Regards, S. Moonesamy
Hello Subramanian, In the current design, HSM is in Tier 6 (Safe) and the HSM itself is defined as Tier 7. I'm probably not subscribed in the list you posted the suggestion... I will ask the key managers. Cheers, Tomofumi On Mon, Oct 6, 2014 at 4:24 PM, S Moonesamy <sm+icann@elandsys.com> wrote:
Hi Tomofumi, At 15:37 06-10-2014, Tomofumi Okubo wrote:
Yes, that's right but that is if the other security controls successfully detects the compromise. The mechanism on the HSM will be the last line of defense if the other security controls fail for some reason. This is why in the ICANN definition, HSM is labelled as Tier 7.
The HSM is currently at Tier 6. If I recall correctly I commented about that previously. I suggested a change a few months ago. I am waiting for feedback about the suggestion.
Regards, S. Moonesamy
participants (2)
-
S Moonesamy -
Tomofumi Okubo