Watson Supply Chain Ideas


Encrypted storage and obscured entry of HSM partition password

The new HSM connectivity process within Sterling Integrator v5.2.6 leaves the HSM partition password stored in clear text.
RBS Security rules require the following:
1) The partition password must be input in two parts (the password is only released to two separate people, both of whom have signed declarations that they will not disclose their part to the other bearer).
2) The input of the password must be obscured. No part of the password can be viewed during the input process.
3) The password must be encrypted at rest. Currently this is in clear text within the new hsm.properties file.

I have been advised to raise this PMR by our IBM consultants (Keith Marsh and Lee Wilson). I will additionally be raising an RfE stating the same requirements.

This requirement is urgent (which is why I have given it severity 2), as our existing Luna4 HSMs are beyond end of life, and the upgrade programme we are currently running (moving from ISBI v5.2.1 to ISBI v5.2.6.3) needs to complete this quarter in order to allow the bank to comply with the SWIFTNet 7.2 programme for FileAct before the November end date.

  • Guest
  • Aug 4 2018
How will this idea be used?

Protection of the HSM Partition password, ensuring security of certificates stored on the HSM partition

What is your industry? Banking
What is the idea priority? Urgent