Formal key ceremonies

Many organisations are unaware of the regulatory or best practice requirements that surround HSM implementation.

Lack of implementation consideration is likely to cause loss of availability to the service when you most depend on it.

Each time a Hardware Security Module (HSM) is placed into service

(whether new or through replacement return) a commissioning process, which is the process of establishing your organisational cryptographic secrets on to the device needs to be undertaken. This procedure is known as a Key Ceremony and has to be conducted with experience to be demonstrable in order to form the core of trust within your security platform and to satisfy the regulatory requirements.

A Key Ceremony is the process of bringing key stakeholders together to generate or load the master keys of a system onto one or more HSMs.

The Key Ceremony is performed by custodians who typically have very little time and expect to be guided through the process which should demonstrate both organisation and security. In many cases explanation of the activities and hand held guidance is also required too.

At the end of the process you need to know that you have not only successfully carried out the technical requirement of generating or loading the Master Key but also captured the relevant details to prove performance and to have the relevant signatories present to complete the formalities required for attestation.

Failure to give this process the due care and attention it deserves will almost certainly mean a costly re-run at some other stage after the project’s go live date.

A successful Key Ceremony requires expertise, documentation and planning – anything less is a waste of time and will leave you exposed.

ID-3 has proven experience in providing Key Ceremonies and knows exactly what it takes to assist you through yours.