- Verification
Verify that the documented technical capabilities of the appliance are as understood from the documentation that was reviewed in the Preparatory phase by testing its performance and support for the required cryptographic algorithms. Although not quoted in the specification it will also be important to understand the overall reliability of the appliance, the redundancy capability and how to setup the appliance(s) to cope with the possibility of failure. The operation of the console management interface and setup of the master key should be checked, together with the process for setting up user PINs. The overall security of the appliance should be reviewed in order to determine the necessary hosting requirements that will be needed to keep test users data secure. In particular we should check that the tamper -detection mechanisms of the HSM operate and there is adequate protection of the management interface to prevent unauthorized access. Check that the outputting of plain text data is prevented and no plain text data appears on the network connection. - Operational Validation
Determine how suitable the appliances are for deployment as a testbed by exercising them with some relevant test services that will use the PKCS#11 interface in order to understand the 'real-time' performance and how many transactions can be supported concurrently. It is assumed this will have a limiting factor defined by the context switching overhead. Check what management operations will need to be performed and whether the administration of the device requires somebody to be physically present. Determine the best means to interface the HSM(s) onto the network to ensure logical security and prevent access by malicious actors. Determine how interested parties shall register for and gain access the service - who shall be allowed to use the service? Consider how the incident management and support process for the service will operate. Estimate operational costs of supporting the service. - Community Need
Contact those services who expressed an interest during the Preparatory phase to see if they are still interested in using the testbed service (given the changed circumstances). Prepare a presentation and infoshare on the testbed offering and discuss this with NRENS to gauge the level of interest. Identify parties interested to run the service. - Supporting materials
Create a draft usage policy for users of the service Create suitable draft documentation for the operators and users of the service Develop a usage policy for administrators of the service - exporting of keys, key usage, authentication etc.
|