CyberArk Privileged Access

this document provides information about using pkcs #11 libraries to configure our hsms with the cyberark privileged access security (pas) solution for additional questions related to your hsm, see the relevant administrator guide application description the cyberark privileged access security (pas) solution is a full life cycle solution for managing the most privileged accounts and ssh keys in the enterprise it enables organizations to secure, provision, manage, control, and monitor all activities associated with all types of privileged identities, such as administrator on a windows server root on a unix server cisco enable on a cisco device embedded passwords found in applications and scripts the pas solution provides a safe haven within your enterprise where authorized users, such as it staff, on call administrators, and local administrators in remote locations can securely archive, transfer, and share all your administrative passwords the multiple security layers (including firewall, vpn, authentication, access control, encryption, and more) that are at the heart of the privileged access security solution offer you the most secure solution available for storing and sharing passwords in an enterprise environment after you install and start the cyberark vault, you can generate a new server key on the {{vectera}} , where you can store it within the confines of a fips 140 2 level 3 validated hsm as a non exportable key the server key is the key provides access to the vault, much like an actual key opens a physical vault you need to use the key to start the vault, after which you remove the server key unless you need to restart the server when you stop the vault, the information stored in the vault is completely inaccessible without the server key guardian integration the {{guard}} introduces mission critical viability to core cryptographic infrastructure, including centralization of device management elimination of points of failure distribution of transaction loads group specific function blocking user defined grouping systems see the applicable guide in the {{futurex}} portal for configuring hsms with the {{guard}} , including pkcs #11 and cng configuration