The High Security module (HSM) helps achieve or exceed security practices mandated by the most rigorous standards, including PCI DSS v1.2*, FIPS 140-2 Validation, HIPAA, and Sarbanes-Oxley. Visit our website for a more detailed introduction to the HSM.
(*EFT Server v6.4 and later support PCI DSS v2.)
The optional features exclusive to the HSM are listed below:
Enables auditing of administrator changes (Admin Actions report, if ARM is enabled)
Forces password reset on initial use (PCI DSS 8.5.3)
Expires user and/or Admin passwords after =>90 days (PCI DSS 8.5.9)
Enables password expiration reminders (e-mail, banner)
Removes old data automatically (Data sanitization (wiping)) (PCI DSS 9.10.2)
Removes inactive accounts after 90 days or more (PCI DSS 8.5.5)
Hides or disables non-allowed ciphers or SSL versions, key lengths <128 bits, anonymous account type, and warns when importing certificates with weak keys (PCI DSS 4.1)
Warns if password complexity is disabled or fails to meet PCI requirements (PCI DSS 8.5.10,11)
Warns if insecure protocols are in use (PCI DSS 2.2.2)
Warns if user disk quota is not set (PCI DSS 3.1)
Warns if secure remote administration is not set (PCI DSS 2.3)
Warns if Encrypting File System (EFS) is in use (PCI DSS 3.4.1)
Warns if weak SSL versions and ciphers are in use (PCI DSS 4.1)
Warns if DoS and flood settings are too low (PCI DSS 2.2.3)
Warns if vendor defaults remain unchanged (PCI DSS 2.1)
Warns if expired keys are present (PCI DSS 3.6.5)
Warns if multiple administrator roles are present (PCI DSS 7.1)
Warns if anonymous account type is in use (PCI DSS 8.5.8)
Causes idle sessions to automatically time out (PCI DSS 8.5.15)
Limits repeated invalid login attempts (PCI DSS 8.5.13)
Provides a configuration wizard for creating PCI DSS compliant Sites
Monitors and reports on configuration changes that result in PCI DSS violations (PCI DSS 12)
Produces automatic daily PCI DSS Compliance reports (PCI DSS 12)
Enables Active Directory and Local Windows accounts for EFT Server administrator authentication (default Administrator accounts are maintained by EFT Server).
Creating a High Security/PCI DSS Site