High Security Module (HSM)
Meet or exceed security mandates
The Globalscape High Security Module (HSM) achieves or exceeds security practices mandated by the most rigorous standards, including PCI-DSS, FIPS 140-2 Validation, HIPAA, and Sarbanes-Oxley. Whether the business is obligated to comply or they simply desire the utmost in security standards, the HSM is the solution for securing data transfer, access, and storage.
Protection of data at rest – Helps organisations comply with data storage requirements, including not storing data in the DMZ, using repository encryption and securely wiping deleted data.
Protection of data in transit – Ensures the use of secure protocols, strong ciphers, encryption keys and password policies, data transfers strictly follow all security guidelines.
Controlled Access to Data – Enforces strong account access policy controls, including lock out of accounts after incorrect login attempts, time bound passwords and removal of inactive accounts. All server activity is also captured in a fully relational database.
Easy security configuration – Setup wizards provide administrators with an easy, step-by-step method to configuring a new high-security-enabled Site, each page describes the requirements and what is needed to meet that requirement, or to provide a compensating control (workaround).
Minimised attack vector – Leverages the existing Active Directory account for EFT administrators, eliminating the need to create, maintain and track standards compliance of built in accounts.
Ongoing standards compliance – Compliance with security standards such as PCI DSS, is an ongoing task, HSM is an ever-vigilant security tool that disallows low-security options, captures compensating controls, and generates reports for auditing the system’s compliance status..
Actively monitor PCI DSS compliance – Actively monitors PCI DSS by alerting on non-compliance, identifying the cause of non-compliance, allowing reverting of security controls, implementing mitigation/workaround techniques. The Auditing and Reporting module (ARM) captures all of this activity in a fully relational database.
This module is only fully functional when used in conjunction with the Auditing and Reporting Module (ARM).
PCI DSS Compliance
HSM achieves and exceeds security practices mandated by the Payment Card Industry Data Security Standard (PCI DSS) version 3 for data transfer, access and storage.
HSM comes with a built-in FIPS 140-2 Validated cryptographic library to provide secure transfer of information.