Privileged access management

CyberArk Privileged Access

This document provides information about using PKCS #11 libraries to configure our HSMs with the CyberArk Privileged Access Security (PAS) solution. For additional questions related to your HSM, see the relevant administrator guide.

Application description

The CyberArk Privileged Access Security (PAS) solution is a full life-cycle solution for managing the most privileged accounts and SSH Keys in the enterprise. It enables organizations to secure, provision, manage, control, and monitor all activities associated with all types of privileged identities, such as:

  • Administrator on a Windows server
  • Root on a UNIX server
  • Cisco Enable on a Cisco device
  • Embedded passwords found in applications and scripts

The PAS solution provides a safe haven within your enterprise where authorized users, such as IT staff, on-call administrators, and local administrators in remote locations can securely archive, transfer, and share all your administrative passwords.

The multiple security layers (including Firewall, VPN, Authentication, Access control, Encryption, and more) that are at the heart of the Privileged Access Security solution offer you the most secure solution available for storing and sharing passwords in an enterprise environment.

After you install and start the CyberArk Vault, you can generate a new server key on the

, where you can store it within the confines of a FIPS 140-2 Level 3-validated HSM as a non-exportable key.

The server key is the key that provides access to the Vault, much like an actual key opens a physical vault. You need to use the key to start the Vault, after which you remove the server key unless you need to restart the server. When you stop the Vault, the information stored in the Vault is completely inaccessible without the server key.

Guardian integration