Changing passwords when a security officer leaves, Multiple credentials procedures, Configuring the multiple credentials feature – HP Secure Key Manager User Manual

2.

Navigate to the Password Settings for Local Administrators section of the Administrator Configuration

page (Device Configuration > Administrators > Password Management).

3.

Click Edit.

4.

To enable password expiration, enter the Maximum Password Age in the Password Expiration field.

When an administrator’s password reaches this age, the administrator will be forced to create a

new password.

5.

To enable password history, enter the Num Passwords to Remember in the Password History field.

When creating a new password, an administrator cannot use a value that exists in their password

history.

NOTE:

The password history is only consulted when administrators attempt to change their own

passwords. It is not checked when one administrator changes another’s password.

6.

Enter the Minimum Password Length.

7.

Specify if the password must contain at least one lower case letter, upper case letter, number, or

special character, or some combination of these values.

8.

Click Save.

Changing passwords when a security officer leaves

In the event of a security officer personnel change, immediately change the passwords for administrator

accounts, user accounts, and backups in order to protect integrity of the SKM system and the data

protected by the encryption keys. This procedure should be handled quickly but deliberately, so that

access to the SKM configuration is secured but not in a haphazard manner. It is best to have a

documented procedure in place to handle such a situation. One possible procedure is the following:

1.

Delete the former security officer’s administrator account immediately, then create a new

administrator account with the same permissions but a different account name. Have the replacement

security officer use the new account.

NOTE:

The account must be deleted because It is not possible for administrators to change another

administrator’s password on the SKM.

2.

Have each remaining security officer change their administrator account password, preferably with

at least one other security officer present to witness the password change.

3.

Change the user account passwords on both the SKM and the enrolled clients, again with at least

one other security officer present. Because this may interrupt the ability of the library to retrieve

keys during the change and verification, this should be done outside the backup window at the

earliest convenience.

4.

Change the backup job passwords for each SKM in the configuration. Remember that if an

automated script is being used to run the backup jobs, the password information will have to be

changed in the script, as well.

Multiple credentials procedures

Configuring the multiple credentials feature

To configure the multiple credentials feature:

1.

Log in to the Management Console as an administrator with High Access Administrators access

control.

66

Performing configuration and operation tasks