Back

Design the hardware security module to enforce the separation between applications.


CONTROL ID
12254
CONTROL TYPE
Systems Design, Build, and Implementation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Implement a hardware security module, as necessary., CC ID: 12222

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Where unsupported software is in use, have those devices been moved to a segregated sub-set and internet access removed and how do you achieve this? (A6.7., Cyber Essentials Scheme (CES) Questionnaire, Version 13)
  • If the HSM supports multiple applications, it must enforce the separation between applications. It must not be possible that one application interferes with or tampers with another application or the OS/firmware of the device, including, but not limited to, modifying data objects belonging to anothe… (B17, Payment Card Industry (PCI), PIN Transaction Security (PTS) Hardware Security Module (HSM) - Security Requirements, Version 2.0)
  • If the device supports multiple applications, it must enforce the separation between applications. It must not be possible that one application interferes with or tampers with another application or the OS/firmware of the device, including, but not limited to, modifying data objects belonging to ano… (B17, Payment Card Industry (PCI), PIN Transaction Security (PTS) Hardware Security Module (HSM) - Security Requirements, Version 3.0)
  • The information system utilizes underlying hardware separation mechanisms to implement security function isolation. (SC-3(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Employ hardware separation mechanisms to implement security function isolation. (SC-3(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Implement hardware-enforced separation and policy enforcement mechanisms between [Assignment: organization-defined security domains]. (SC-49 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Employ hardware separation mechanisms to implement security function isolation. (SC-3(1) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Implement hardware-enforced separation and policy enforcement mechanisms between [Assignment: organization-defined security domains]. (SC-49 Control, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)