nCipher Security Blog

EU Regulators Take Another Step Forward with eIDAS Standards

Kristina Cairns

A new protection profile has been introduced, giving manufacturers a standard by which to certify hardware security modules (HSMs). The new protection profile, which is expected to be accepted under eIDAS (EU regulation 910/2014), provides a common EU standard for HSMs. Our HSMs that are certified to this standard will meet EU governmental requirements for HSM procurement across the whole of the EU, where in many cases the American FIPS 140 standard has not been acceptable.

ANSSI, the French national agency for information systems and one of the bodies recognised under the Common Criteria scheme for certifying security products and standards, has certified the EN 419 221-5 Protection Profile for HSMs. We, along with a committee of other HSM manufacturers, users, security agencies, and specialists under the CEN working group WG17, are editors for this protection profile and are instrumental in its delivery.

The adoption of EN 419 221-5 is a step forward for customers, the market, and HSM manufacturers. It will enable HSM manufacturers to certify their products as compliant with the European eIDAS Regulation (Reg.910/2014/EU) and will simplify the audit requirements of Trusted Service Providers who use certified HSMs as a part of their secure services. Certification to EN 419 221-5 will also provide opportunities outside of the eIDAS regulation, for instance in smart metering systems or where Common Criteria certification is required.

To serve the growing global digital economy with highly secure solutions, we are committed to certifying nShield HSMs to this new standard.

Today, nShield Solo+ and Connect+ HSMs are Common Criteria certified and classified as Qualified Signature Creation Devices (QSCDs) under the current eIDAS Regulation. Our certified nShield HSMs can be used to generate and protect the encryption and signing keys for a variety of Trust Services such as the following:

  • Signing certificates and time stamps issued by a Trusted Service Provider; signing revocation information for Certificate Revocation Lists and for OCSP revocation
  • Signing objects created by Trust Service Providers for such things as electronic delivery or long term electronic signature preservation
  • Remote signing; as required by the Regulation, our HSMs can be used to ensure a signing key can be used to sign a document with the key owner's authority. Furthermore, our HSMs can manage the large numbers of keys needed for a practical remote signing solution.
  • Local document sealing, for situations where a signing key is under the control of an organisation the key represents, rather than an individual

Certified nShield HSMs serve, and will continue to serve, as the root of trust for eIDAS compliant solutions, both today, and as new standards evolve.

Details of the new certification standard can be found here.