General Security Issues

A secure installation includes protection against both physical and network attacks. Physical protection requires that only authorized administrators have physical access to the Validation Authority server hardware, and that the actions any single system administrator can perform on their own be limited.

At a minimum, Validation Authority hardware should be located in a locked room that is accessible to authorized users only. Ideally, Validation Authority hardware should be protected by multi-factor physical access controls (for example, an access card plus a PIN) and guarded by security personnel.

If an unauthorized person is allowed to access the server hardware, he or she could install hostile software that produces invalid certificate status responses. Similarly, an unauthorized user could potentially gain access to the secret keys stored on the server or in the HSM.