IBM Sterling Ideas
formerly Watson Supply Chain
Minimum security requirements:
• The cryptographic strength of a wrapping key must be at least as strong as the keys it is protecting. RSA 2048 does not provide sufficient protection for AES-256 keys.
• Alerting must be in place when the password file system is read by a user account other than the SFG system account.
• Where a solution/technology has been designed to operate with an embedded HSM card and/or HSM appliance from a vendor and the HSM is used to perform cryptographic functions (e.g. encrypt, decrypt, key generation, key wrapping, data signing, etc.), then at a minimum the HSM must be used to protect master keys and the private portion of asymmetric keys. Note: storing a key in an HSM exclusively for key backup/archival purposes is not a cryptographic function.
For elevated cryptographic security:
• Use an HSM to randomly generate keys, i.e. AES keys used for data encryption.
• When session keys are not stored within an HSM (for future use), encrypt data encryption/session keys for system storage using a master wrapping key retained exclusively within an HSM.
• Connect to the HSM using the minimum required version of TLS (currently 1.2).
• Maintain persistent connections to the HSM; however, periodic connection refreshes are recommended (e.g. daily).
• For implementations where a password must be presented to an HSM when connecting, retain the password in an external password management system (example: Centrify).
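The first minimum requirement above (a wrapping key at least as strong as the keys it protects) can be checked mechanically against a key inventory. The following is an added example, not code from IBM or from the idea's submitter: the inventory, its key names and the `audit` function are hypothetical, and the comparable strengths are those of NIST SP 800-57 Part 1, Table 2.

```python
# Added example: flag keys wrapped by a weaker key.
# Comparable security strengths in bits, per NIST SP 800-57 Part 1, Table 2.
RSA_STRENGTH = {1024: 80, 2048: 112, 3072: 128, 7680: 192, 15360: 256}
EC_STRENGTH = {256: 128, 384: 192, 521: 256}  # NIST P-256 / P-384 / P-521


def strength_bits(algorithm, size):
    """Return the comparable security strength of a key, in bits."""
    algorithm = algorithm.upper()
    if algorithm == "AES" and size in (128, 192, 256):
        return size
    if algorithm == "EC" and size in EC_STRENGTH:
        return EC_STRENGTH[size]
    if algorithm == "RSA":
        # Credit only the largest tabulated modulus not exceeding the key size.
        return max((b for m, b in RSA_STRENGTH.items() if m <= size), default=0)
    raise ValueError(f"unsupported key type: {algorithm}-{size}")


def audit(inventory):
    """inventory maps key name -> (algorithm, size, wrapping key name or None).

    Returns (key, wrapper, bits_needed, bits_provided) for every key whose
    wrapping key is weaker than the key it protects.
    """
    findings = []
    for name, (alg, size, wrapper) in sorted(inventory.items()):
        if wrapper is None:
            continue  # top of the hierarchy, e.g. a master key held in the HSM
        if wrapper not in inventory:
            raise KeyError(f"{name}: wrapping key {wrapper!r} not in inventory")
        w_alg, w_size, _ = inventory[wrapper]
        need, have = strength_bits(alg, size), strength_bits(w_alg, w_size)
        if have < need:
            findings.append((name, wrapper, need, have))
    return findings


# Constructed inventory; every key name here is hypothetical.
SAMPLE = {
    "hsm-master-aes": ("AES", 256, None),
    "hsm-master-rsa": ("RSA", 2048, None),
    "session-key-a": ("AES", 256, "hsm-master-rsa"),  # 112-bit wrapper, 256 needed
    "session-key-b": ("AES", 256, "hsm-master-aes"),  # meets the requirement
    "legacy-key-c": ("AES", 128, "hsm-master-rsa"),   # 112-bit wrapper, 128 needed
}

if __name__ == "__main__":
    for key, wrapper, need, have in audit(SAMPLE):
        print(f"{key}: needs {need} bits, {wrapper} provides {have}")
```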
How will this idea be used?
Enhance security around HSM
| What is your industry? | Financial Markets |
| What is the idea priority? | Medium |