Richard,

Should we add this to the agenda for this week's call?

Thanks
Dean

Dean Coclin
Sr. Director Business Development
M 1.781.789.8686

From: Cscwg-public <[email protected]> On Behalf Of Richard Kisley via Cscwg-public
Sent: Tuesday, January 2, 2024 5:31 PM
To: [email protected]
Subject: [Cscwg-public] Consider PCI-HSM certification for Code signing HSMs

Hi,

Thank you for the opportunity to discuss this topic. My apologies for not sending this sooner, EOY work (day job) and the holidays took over my time.

My AOB question on 12/14 was: 'would the group consider adding PCI HSM as an acceptable certification for Code Signing workloads?'

Please find attached the PCI HSM v4 pdf from the PCI SSC documents page (https://www.pcisecuritystandards.org/document_library/ , filter by 'PTS'). Note that in this location you have also the 'FAQs', which "enhance" understanding of various topics.

My reasons for suggesting this:

1. PCI (PTS) HSM is a robust program for HSM evaluation in the payment security space.
2. The financial services world, while having some unique requirements (in particular for PKI), is in my opinion not so different for overall device validation
3. FIPS 140-3 & FIPS 140-2 (now closed) CMVP programs have a long queue that is delaying products by well over a year
4. CC, while valuable in many markets, is not universal
5. Adding PCI-HSM closes the loop across the main HSM evaluation regimes

Thanks,
Richard Kisley
____________________________________________________________________
Firmware & Security Architect, IBM
Senior Technical Staff Member, Master Inventor
Payment Card Industry Professional (PCIP)
IBM Cryptographic Technology Development
http://www.ibm.com/security/cryptocards/
[email protected]
_______________________________________________
Cscwg-public mailing list
[email protected]
https://lists.cabforum.org/mailman/listinfo/cscwg-public
