Frequently Asked Questions (FAQ)¶
- Q: Is NetHSM FIPS or Common Criteria certified?
Not yet but we are aiming for certifications in the future. Please contact us if you are interested in supporting these efforts.
- Q: Which protections against physical tampering are in place?
NetHSM is sealed which allows to detect physical tampering. It contains a TPM which is protected against physical tampering. The TPM is the root of trust and securely stores cryptographic keys which are used to encrypt and decrypt further data and keys in the NetHSM. This protects against booting malicious firmware and software and decrypting data and keys being stored. The current NetHSM doesn’t contain additional sensors to detect tampering.
- Q: Where can I learn more about NetHMS’s security architecture and implementation?
Start with the chapters Getting Started, Administration and Operations. Proceed with the following resources.
- Q: Roadmap: Which features are planned?
We plan the following developments in the loose order. Changes to this prioritization based on customer requests are possible.
Productive usable software container
Additional ECC: ECDH (X25519, NIST), secpXk (Koblitz) , Brainpool
Quorum: m-of-n access scheme and security domain management
Performance improvements
Direct, dynamic cluster capability, possibly support for external database
Remote attestation and cloud service
User authentication via mTLS certificates or FIDO
More user rights management (e.g. additional roles, groups)
Further separations and hardenings
FIPS and/or Common Criteria certifications
Redundant power supplies