CIMC Security level 4 provides the highest PKI security protection. It is intended for environments in which threats to and consequences of data disclosure and loss of data integrity by either authorized or unauthorized users are significant to the organization.
Security level 4 defines four PKI management roles:
■ CA administrator. Responsible for account administration and key generation of the CA certificate's key pair.
■ Certificate manager. Responsible for certificate management including functions such as issuing and revoking certificates.
■ Auditor. Responsible for maintaining and viewing the CA audit log entries in the Windows Security log.
■ Backup operator. Responsible for performing backups of PKI information.
Security level 4 requires signed third-party timestamping of audit logs to increase integrity. In addition, cryptographic modules at each CA must be validated to FIPS 140-1 level 4.
Note The only cryptographic module rated at FIPS 140-1 level 4 at the time of publication is the AEP SureWare Keyper Enterprise (www.aepsystems.com /prod_keyper_ent.htm). More FIPS 140-1 level 4 devices are expected to be available in the near future.
Was this article helpful?