Securing Access to ActivID Appliance
It is important that physical access to ActivID Appliance be restricted.
Security Roles and Personnel Control
ActivID Appliance roles and other subsystem operating roles must be assigned to authenticated personnel only.
- The priority role to be assigned is that of the local ActivID Appliance Security Officer (SO). The SO role for ActivID Appliance is in charge of monitoring for adherence to software security policies and procedures by local personnel. The SO also monitors security of the hardware at the operating site(s).
- Specifically, the SO role must supervise and manage control of ActivID Appliance so that role separation is maintained and so that access privileges are not abused or misused.
- When a deployment spans multiple operating sites, there must be multiple SO’s to supervise, monitor, and maintain security policies.
- Each ActivID Appliance SO must obtain (and maintain updates to) records that document role assignments and revocations.
Hardware and Physical Security
The ActivID Appliance must be located in a physically secure environment with restricted levels of access that are allowed ONLY based upon an authorized role. For example, personnel using a key, an access badge, or other supported means must be restricted based on the type or level of access to ActivID Appliance and its subsystems (the HSM, database and other components of the solution) that their specific roles provide.
Also exercise special care when deploying ActivID Appliance in a virtual machine environment. From the standpoint of security and reliability, the virtual machine environment must be just as secure and as reliable as the physical machines it replaces.
