Protect sensitive information within the hardware security module from unauthorized changes.

Back

CONTROL ID
12225

CONTROL TYPE
Systems Design, Build, and Implementation

CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):

Implement a hardware security module, as necessary., CC ID: 12222

There are no implementation support Controls.

SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

Sensitive functions or information are only used in the protected area(s) of the HSM. Sensitive information and functions dealing with sensitive information are protected from modification or substitution, without requiring an attack potential of at least 26 per HSM for identification and initial ex… (A5, Payment Card Industry (PCI), PIN Transaction Security (PTS) Hardware Security Module (HSM) - Security Requirements, Version 2.0)
Production software (e.g., firmware) that is loaded to devices at the time of manufacture is transported, stored, and used under the principle of dual control, preventing unauthorized modifications and/or substitutions. (D4, Payment Card Industry (PCI), PIN Transaction Security (PTS) Hardware Security Module (HSM) - Security Requirements, Version 2.0)
Production software (e.g., firmware) that is loaded to devices at the time of manufacture is transported, stored, and used under the principle of dual control, preventing unauthorized modifications and/or substitutions. (I4, Payment Card Industry (PCI), PIN Transaction Security (PTS) Hardware Security Module (HSM) - Security Requirements, Version 3.0)
Sensitive functions or information are only used in the protected area(s) of the device. Sensitive information and functions dealing with sensitive information are protected from unauthorized modification or substitution, without requiring an attack potential of at least 26 per device for identifica… (A3, Payment Card Industry (PCI), PIN Transaction Security (PTS) Hardware Security Module (HSM) - Security Requirements, Version 3.0)