Defining the Trusted Environment
The CCSS glossary defines the “Trusted Environment” as follows:
For the purposes of this specification, trusted environment is defined as the physical location, hardware and software used in any private key related operations.
The definition takes into account the physical locations where private keys are transmitted, processed and stored. This includes data centers, retail stores, offices and third-party service provider managed locations providing services for private key operations.
Hardware includes devices that provide private key functions, such as physical HSM appliances, hardware wallets, servers hosting software that provides private key functions, backup storage systems and media (tape, removable drives, wood, metal, paper, etc.), and network devices such as switches and routers.
The software component includes software that provides private key functions for the transmission, processing and storage of keys, such as wallet software, key management software, the operating systems of servers hosting software that provides private key functions, and backup software.
Logical & Physical Security Controls
The definition also includes logical and physical security controls. Physical security controls include door locks, CCTV, visitor registration systems, staff and visitor badges, alarm systems, and physical destruction hardware such as disk shredders. Logical security controls include authentication and authorization systems, log management systems, data encryption, firewalls, anti-virus, file integrity monitoring (FIM), etc.
The Trusted Environment definition also includes the personnel who develop, test, deploy, manage and operate the systems that provide private key functions. Further, the personnel who manage the physical and logical security controls protecting those systems are “in-scope” for the CCSS audit.
Policies, Procedures, and Standards
The policies, standards and procedures that cover the people and technology components of the Trusted Environment are also “in-scope” for the CCSS audit.