| |
|
HSM |
Business Application |
| |
|
HSM |
Key Custodian |
| encrypt |
|
HSM |
Business Data |
| |
|
HSM |
External Key Storage |
| |
|
HSM |
Malicious Person |
| |
|
HSM |
Priviledged Account |
| |
|
CRYP-001 - Cyptographic Key Unavailability |
Malicious Person |
| |
|
CRYP-001 - Cyptographic Key Unavailability |
Business Application |
| |
|
CRYP-001 - Cyptographic Key Unavailability |
Key Custodian |
| |
|
CRYP-002 - Unauthorized access to the HSM |
Malicious Person |
| |
|
CRYP-002 - Unauthorized access to the HSM |
Key Custodian |
| |
|
CRYP-002 - Unauthorized access to the HSM |
Priviledged Account |
| |
|
CRYP-002 - Unauthorized access to the HSM |
Business Application |
| |
|
CRYP-003 - Cyptographic Key Theft |
Malicious Person |
| |
|
CRYP-003 - Cyptographic Key Theft |
Key Custodian |
| |
|
CRYP-003 - Cyptographic Key Theft |
Priviledged Account |
| |
|
CRYP-004 - Cyptographic Key Disclosure |
HSM |
| |
|
CRYP-005 - Cyptographic Key Unavailability |
Key Custodian |
| |
|
CRYP-006 - Non-compliance to Standards, Requirements and Regulation |
HSM |
| |
|
External Key Storage |
Key Components |
| |
|
External Key Storage |
Encrypted Key Blobs |
| |
|
AC-2: Account Management |
CRYP-002 - Unauthorized access to the HSM |
| |
|
AC-3: Access Enforcement |
CRYP-002 - Unauthorized access to the HSM |
| |
|
CM-7: Least Functionality |
CRYP-002 - Unauthorized access to the HSM |
| |
|
IA-2: Identification and Authentication (organizational Users) |
CRYP-002 - Unauthorized access to the HSM |
| |
|
PE-3: Physical Access Control |
CRYP-002 - Unauthorized access to the HSM |
| |
|
CP-9: System Backup |
CRYP-005 - Cyptographic Key Unavailability |
| |
|
CP-10: System Recovery and Reconstitution |
CRYP-005 - Cyptographic Key Unavailability |
| |
|
SC-24: Fail in Known State |
CRYP-005 - Cyptographic Key Unavailability |
| |
|
IA-7: Cryptographic Module Authentication |
CRYP-001 - Cyptographic Key Unavailability |
| |
|
SC-12: Cryptographic Key Establishment and Management |
CRYP-001 - Cyptographic Key Unavailability |
| |
|
SC-12: Cryptographic Key Establishment and Management |
CRYP-006 - Non-compliance to Standards, Requirements and Regulation |
| |
|
SC-12: Cryptographic Key Establishment and Management |
CRYP-004 - Cyptographic Key Disclosure |
| |
|
SC-16: Transmission of Security and Privacy Attributes |
CRYP-001 - Cyptographic Key Unavailability |
| |
|
IR-4: Incident Handling |
CRYP-003 - Cyptographic Key Theft |
| |
|
SC-28: Protection of Information at Rest |
CRYP-003 - Cyptographic Key Theft |
| |
|
SI-7: Software, Firmware, and Information Integrity |
CRYP-003 - Cyptographic Key Theft |
| |
|
PL-8: Security and Privacy Architectures |
CRYP-004 - Cyptographic Key Disclosure |
| |
|
SR-11: Component Authenticity |
CRYP-004 - Cyptographic Key Disclosure |
| |
|
SR-3: Supply Chain Controls and Processes |
CRYP-006 - Non-compliance to Standards, Requirements and Regulation |
| |
|
RA-3: Risk Assessment |
CRYP-006 - Non-compliance to Standards, Requirements and Regulation |
| |
|
PL-2: System Security and Privacy Plans |
CRYP-006 - Non-compliance to Standards, Requirements and Regulation |
![HSM [Threat Model]](../images/id-3ee46458e2594e37bf57e37b8c94493c.png)