CyberArk Privileged Access
This document provides information about configuring Futurex HSMs with CyberArk's Privileged Access Security (PAS) solution using PKCS #11 libraries. For additional questions related to your HSM, see the relevant administrator’s guide.
CyberArk's Privileged Access Security (PAS) solution is a full life-cycle solution for managing the most privileged accounts and SSH Keys in the enterprise. It enables organizations to secure, provision, manage, control, and monitor all activities associated with all types of privileged identities, such as:
- Administrator on a Windows server
- Root on a UNIX server
- Cisco Enable on a Cisco device
- Embedded passwords found in applications and scripts
The Privileged Access Security solution provides a ‘Safe Haven’ within your enterprise where all your administrative passwords can be securely archived, transferred and shared by authorized users, such as IT staff, on-call administrators, and local administrators in remote locations.
The multiple security layers (including Firewall, VPN, Authentication, Access control, Encryption, and more) that are at the heart of the Privileged Access Security solution offer you the most secure solution available for storing and sharing passwords in an enterprise environment.
After the CyberArk Vault has been installed and has started successfully, you can generate a new Server Key on the Vectera Plus, where it is stored as a non-exportable key inside a FIPS 140-2 Level 3 validated hardware security module.
The Server Key is the key used to “open” the Vault, much like the key of a physical vault. The key is required to start the Vault, after which the Server Key can be removed until the Server is restarted. When the Vault is stopped, the information stored in the Vault is completely inaccessible without that key.
The Guardian Series 3 introduces mission-critical viability to core cryptographic infrastructure, including:
- Centralization of device management
- Elimination of points of failure
- Distribution of transaction loads
- Group-specific function blocking
- User-defined grouping systems
See the applicable guide for configuring HSMs with the Guardian Series 3.