• Validate all the PC openings specified above are covered with tamper-evident, serialized security
seals. Validate the seals are recorded in a log that is stored in a dual control safe and that verification
of the seals is performed prior to key loading activities.
• If the PC application stores keys on diskette or smart cards, validate those devices are stored
under dual control when not in use.
• Validate passwords are maintained under dual control and split knowledge.
• Validate manufacturer’s default passwords have been changed.
Page 39 of 76
Visa KIF Auditor Guide Last Updated: July 2012 ©2012 Visa Public
Key-Injection Facility Security Requirement
Testing Procedures
14. All hardware and passwords used for key-loading must be managed under dual control.
International/Industry Standard
Key-injection facilities must ensure that the key-injection application passwords and user IDs are managed under dual control. Also, the hardware used for key-injection must be managed under dual control. Vendor default passwords must be changed. Any hardware used in the key-loading function must be controlled and maintained in a secure environment under dual control. Use of the equipment must be monitored and a log of all key-loading activities maintained for audit purposes. All cable attachments must be examined before each application to ensure they have not been tampered with or compromised. Passwords must be managed such that no single individual has the capability to enable key loading.
Any physical (e.g., brass) key(s) used to enable key-loading must not be in the control or possession of any one individual who could use those keys to load secret or private cryptographic keys under single control.
Applicability–Question Scope
This question applies to:
• Key loading equipment, specifically to ensuring dual control over the equipment and/or any enabling passwords used with the key loading devices and systems.
• It also applies to key loading equipment used to load: all ATMs, PIN pads, and PIN entry devices.
• Key loading equipment used to load the Master Keys and hierarchy keys used by the Host Security Modules that are part of the key injection platform.
• Key loading equipment used to load any keys used internally by the key injection platform.
• Key loading equipment used to load Master keys and hierarchy keys used by a CA’s Host Security Module.
• Key loading equipment used to load all Public and Private key pairs used in the remote key establishment and distribution schemes.
Intent of Question
To ensure the secrecy and integrity of keys during the key loading process, specifically to contribute to this by ensuring dual control over the use of key loading devices.
Testing Procedures
1. Interview appropriate personnel and review documentation to determine the procedures for the use of any key loading equipment or device enablers that are used for HSMs that are part of the key loading platform, CA’s HSMs, or PEDs. Examine emergency procedures in order to determine whether dual control rules are violated under those circumstances.
2. Inspect storage locations of key loading equipment (including physical brass keys used to enable loading, passwords, key guns, etc.) to ensure enforcement of dual control (procedural controls are not adequate).
3. Review logs of equipment usage to determine documentation of dual custody and that only authorized individuals have access.
4. Ensure dual control mechanisms and dual control custody of the key loading devices and of the key loading process.
5. Ensure the SCD equipment is inspected for evidence of monitoring.
6. Ensure there are no default dual control mechanisms (e.g., default passwords, usually printed in the vendor's manual, in a key loading device).
7. Verify that if passwords are used for key loading, they are under dual control, and that no one person has access to the full password.
15. The loading of keys or key components must incorporate a validation mechanism such that the authenticity of the keys is ensured and it can be ascertained that they have not been tampered with, substituted, or compromised.
International/Industry Standard
A cryptographic-based validation mechanism helps to ensure the authenticity and integrity of keys and components (e.g., testing-key check values, hashes, or other similar unique values that are based upon the keys or key components being loaded). See ISO 11568. Recorded or displayed key-component check values and key check values shall not exceed six hexadecimal characters in length.
The public key must have its authenticity and integrity ensured. In order to ensure authenticity and integrity, a public key must be encrypted, or if in plain-text form, must:
• Be within a certificate; or
• Be within a PKCS#10; or
• Be within a SCD; or
• Have a MAC (message authentication code) created using the algorithm defined in ISO 9807.
Applicability–Question Scope
This question applies to:
• Mechanisms (e.g., key check values, hashes, etc.) that validate the keys and key components that are loaded.
• Key loading validation mechanisms used to load all cryptographic keys for all ATMs, PIN pads, and PIN entry devices.
• Key loading validation mechanisms used to load Master Keys and hierarchy keys used by the Host Security Modules that are part of the key injection platform.
• Key loading validation mechanisms used to load any keys used internally by the key injection platform.
• Key loading validation mechanisms used to load Master Keys and hierarchy keys used by a CA’s Host Security Module.
• Key loading validation mechanisms used to load all Public and Private key pairs used in the remote key establishment and distribution scheme.
Intent of Question
To ensure the integrity and authenticity of keys after loading. To be able to validate that the key on the system and in the PED is in fact the key that is desired to be on the system and in the PED (i.e., to ensure that the key was not tampered with, substituted, or compromised during the loading process).
Testing Procedures
1. Interview appropriate personnel and review documentation (including both logs and procedures) to determine the mechanisms used to validate the authenticity of the keys loaded to HSMs that are part of the key loading platform, and CA’s HSMs and PEDs.
2. Review vendor documentation to determine which methods of verification for key loading are supported.
3. Observe a demonstration of the key loading process.
4. If check values are used, compare key check values against those for known, default, test, predictable, easily guessed or “simple” keys. Such check values are often printed in vendor manuals.
5. Verify check sum digits do not exceed six hexadecimal characters.
6. If the public key scheme includes the embedding of valid authorized key distribution host certificates in EPPs/PEDs, then verify that the loading of these certificates, if done at key injection time, includes procedures to ensure only legitimate key distribution host certificates are loaded. Review documentation, interview key injection personnel, and witness the loading process to validate the authenticity of the certificates loaded into the EPPs/PEDs.
7. If the Public/Private key pairs are generated external to the device that uses the key pair, validate that the key loading process provides for key protection. Review documentation, interview key injection personnel, and witness a key loading process to validate that the key pair is not tampered with, substituted or compromised during the transfer from the generation device to the target device. Also validate that the key pair is immediately deleted from the generation device (to ensure no other device can be loaded with the key pair) after successful loading to the target device.
8. Verify that public keys exist in only the allowed storage forms: certificates, PKCS #10s, in a secure cryptographic device, encrypted, or with a MAC (Message Authentication Code) created using the algorithm defined in ISO 9807.
9. Verify that validation of authentication credentials occurs immediately prior to any key establishment for both initial and any subsequent key exchanges in remote key distribution environments.
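The log review in Requirement 14 (dual custody, authorized individuals only) and check-value tests 4 and 5 in Requirement 15 can be run mechanically over a key-loading log. The sketch below is an added example, not part of the Visa guide; the log layout, custodian IDs and sample records are constructed, and the short list of test-key check values is an assumption to be replaced with the values printed in the vendor manuals for the devices under review.

```python
import re

# Check values of widely published test keys (assumed list for this example;
# build the real one from the vendor manuals for the devices under review).
KNOWN_TEST_KCVS = {
    "8CA64D": "all-zero key",
    "D5D44F": "0123456789ABCDEF repeated",
    "08D7B4": "0123456789ABCDEF FEDCBA9876543210",
}
AUTHORIZED = {"cust-a", "cust-b", "cust-c"}  # hypothetical custodian IDs

# Constructed records: date|device serial|custodian 1|custodian 2|check value
SAMPLE_LOG = """\
2012-07-02|PED-0001|cust-a|cust-b|3F9A1C
2012-07-02|PED-0002|cust-a|cust-a|A41B77
2012-07-03|PED-0003|cust-b|cust-c|08D7B4
2012-07-03|PED-0004|cust-a|cust-x|5C02E9D1
2012-07-04|PED-0005|cust-c|cust-b|77E0
"""
HEX_RE = re.compile(r"[0-9A-Fa-f]+")

def audit_line(line):
    """Return (device, findings) for one key-loading log record."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 5:
        return line.strip(), ["malformed record"]
    _, device, c1, c2, kcv = fields
    findings = []
    if c1 == c2:
        findings.append("single custodian: no dual control")
    for c in sorted({c1, c2} - AUTHORIZED):
        findings.append(f"unauthorized custodian {c}")
    if not HEX_RE.fullmatch(kcv):
        findings.append("check value is not hexadecimal")
    elif len(kcv) > 6:
        findings.append("check value longer than six hex characters")
    elif kcv.upper() in KNOWN_TEST_KCVS:
        findings.append(f"check value of known test key ({KNOWN_TEST_KCVS[kcv.upper()]})")
    return device, findings

def audit_log(text):
    """Map device serial -> findings, keeping only records with findings."""
    report = {}
    for line in filter(str.strip, text.splitlines()):
        device, findings = audit_line(line)
        if findings:
            report[device] = findings
    return report

if __name__ == "__main__":
    for device, findings in audit_log(SAMPLE_LOG).items():
        print(device, "->", "; ".join(findings))
```

A clean result only shows the log is consistent with the rules; it does not replace inspecting storage locations or witnessing a key-loading session.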
16. Documented procedures must exist and be demonstrably in use (including audit trails) for all key-loading activities.
International/Industry Standard
Written procedures must exist and all parties involved in cryptographic key-loading must be aware of those procedures. All key-loading events performed by a key-injection facility must be documented.
Applicability–Question Scope
This question applies to written procedures that describe how all cryptographic keys are loaded. This applies to all keys loaded into all ATMs, PIN pads, PIN entry devices, host security modules (including CA’s HSMs) and key loading devices.
Intent of Question
To ensure that:
• Adequate and appropriate documented written procedures exist for the loading of all cryptographic keys.
• Documented procedures are followed and keys are not loaded in any other (especially non-compliant) manner.
Testing Procedures