Overview and Goals

All End Entities (EEs) that participate in the SCMS must be enrolled. The enrollment process is the point where an initial trust relationship is established between a new EE (either an OBE or RSE) and the rest of the SCMS infrastructure. The integrity of the system requires that only authorized devices are allowed to enroll and that each EE receives the correct credentials to operate with the infrastructure. Therefore, the enrollment process must be performed in a secure environment using an approved process and equipment.

Architecture

The secure environment used for device enrollment requires the following elements:

  1. A documented procedure for performing the enrollment process
  2. A physically secure location where the enrollment will take place
  3. One or more authorized devices (computers) for managing the enrollment process
  4. An activity log or recording of the enrollment operations that were performed

Documented Procedure

The procedure used to enroll devices shall be documented and followed consistently. It is recommended that a checklist or automated procedure be used to ensure consistency and compliance. The procedure shall cover the following areas:

  1. List of Authorized Operators and Equipment
    1. Each facility must maintain a list of authorized personnel and equipment that may participate in the enrollment and provisioning process
    2. The means of identifying individuals and systems shall be specified
    3. The procedures for adding and removing personnel and equipment from the authorized list shall be part of the documented procedure
    4. The list of authorized personnel shall include a list of auditors (and procedures for adding and removing auditors) who can observe the process
  2. Acceptance of a New EE
    1. Authorized operators (or an automated process) must be able to validate that the new EE that is to be enrolled is an authentic device. For example, this may be done by checking the device serial number against a manifest or by inspecting key features of the device.
    2. If the EE employs tamper evident packaging, operators must inspect the tamper seals to ensure that they have not been compromised
    3. The software or firmware installed in the EE must be checked to confirm that it is running an allowed version. It is recommended that a secure hash of the installed software be checked against a trusted reference to validate that it has not been modified.
    4. If the EE has the capacity to run a self-test to confirm correct operation, the successful result of this test shall be confirmed
    5. Refer to PCI HSM Security Requirements version 3.0 (June 2016), Section I (Device Security Requirements During Manufacturing) for additional guidance on validating the EE to be provisioned
  3. Connection to the EE
    1. During the bootstrapping process, certain information must be transferred with high integrity. The procedure must describe how an operator (or automated process) can validate that a trusted connection has been established to the new EE. For example, a physical cable connection that can be visually inspected is acceptable.
    2. If a wireless connection is to be used, the procedures must describe how the connection to the EE will be secured. This connection must provide authenticity and secrecy, and it must prevent replay of old, valid messages. Standard protocols may be used if their authentication and encryption mechanisms meet these requirements.
  4. Key Generation or Injection
    1. The enrollment process requires that each EE generate or receive a private key and the corresponding public key. This procedure must be initiated and completed in a secure environment and follow the 'level 2' requirements defined in FIPS PUB 140-2 Section 4.7 for key generation and secure key management.
    2. The association of the device public key with the EE must be securely established. It is recommended that the Certificate Signing Request (CSR) be generated on the target EE and exported over the secure connection established in item 3 (Connection to the EE). Alternative approaches must define a procedure to ensure that the private key used to generate the CSR is correctly associated with the EE.
  5. Enrollment Certificate and Parameter Installation
    1. The enrollment process requires the installation of one or more root CA certificates and elector certificates into the EE's secure storage. This must be performed in a secure environment using the high-integrity communications channel established in item 3 (Connection to the EE).
  6. Creation of an Activity Log
    1. The documented procedure shall describe the steps that shall be taken to log or record the enrollment process. Note that the log shall not include any private keys or seeding material used to initialize any device.
  7. Exceptions and Changes
    1. The procedures shall define what steps are to be taken in case of an error or failure. This should include guidelines for repair or secure decommissioning of failed equipment.
    2. Changes or exceptions to the enrollment procedure shall be recorded.
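As an added illustration of items 3 and 4 above (this is example code, not code from the SCMS specification or any SCMS project), the following Go check validates a CSR exported by the EE over the trusted connection: the CSR's self-signature proves the device holds the corresponding private key, and the subject serial number is compared against the connected device and a manifest. It assumes an X.509-style CSR carrying the device serial number in the subject and ECDSA P-256 keys; the manifest format and all serial numbers are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// Constructed manifest of EE serial numbers cleared for enrollment (assumed format).
var manifest = map[string]bool{"OBE-000123": true, "RSE-000777": true}

// ValidateEnrollmentCSR checks a DER CSR received over the trusted connection to
// the EE expectedSerial: the self-signature proves possession of the private key,
// and the subject serial must match the connected device and the manifest.
func ValidateEnrollmentCSR(der []byte, expectedSerial string) (*ecdsa.PublicKey, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, fmt.Errorf("malformed CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	if s := csr.Subject.SerialNumber; s != expectedSerial || !manifest[s] {
		return nil, fmt.Errorf("subject %q is not the connected, authorized EE %q", s, expectedSerial)
	}
	pub, ok := csr.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() {
		return nil, fmt.Errorf("unexpected key type; ECDSA P-256 required")
	}
	return pub, nil
}

// MakeDeviceCSR stands in for the EE: the key is generated on-device and only the CSR is exported.
func MakeDeviceCSR(serial string) ([]byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := x509.CertificateRequest{Subject: pkix.Name{SerialNumber: serial}}
	return x509.CreateCertificateRequest(rand.Reader, &tmpl, priv)
}

func main() {
	der, _ := MakeDeviceCSR("OBE-000123")
	_, err := ValidateEnrollmentCSR(der, "OBE-000124") // connected EE differs from CSR subject
	fmt.Println("rejected:", err)
}
```

The private key is never exported; the operator station only ever sees the CSR, which is all it needs to bind the public key to the device on the inspected connection.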

Secure Environment

The enrollment process shall take place within a physically secure location with restricted access control. Alternatively, the procedures may be carried out in an open area with active monitoring or surveillance to ensure that only authorized individuals and equipment are involved. Refer to the PCI Physical Security Requirements version 2 (Nov 2016), Section 3, for guidelines on establishing a physically secure area for secure provisioning.

  • Only authorized personnel shall be able to initiate the enrollment process or have access to the equipment used for enrollment
  • Only authorized equipment shall be connected (wired or wireless) to any network, system, or OBE involved in the enrollment process
  • The access control mechanism (or area monitoring) must keep a log of who is present in the area at any time when the enrollment process is active

Authorized Equipment

Only specific, authorized equipment shall be used in the enrollment process. This equipment may include one or more general-purpose computers.

  • The equipment shall not be used for any purpose other than EE enrollment or related logging, testing, or quality control procedures
  • This equipment shall operate on a network segment that is protected from other general-purpose systems used for any other purpose
  • Only authorized personnel may access the equipment or install software, updates, or patches to the equipment. All approved and validated security patches shall be applied to all authorized systems.
  • The operating system and application software shall be specified in the section Documented Procedure

Audit and Activity Log

Accountability, and the ability to respond to newly emerging threats, require both that independent auditors can observe the secure process in real time and that logs exist from which events can later be reconciled and procedures audited. The secure environment shall support process oversight in the following ways:

  1. Each enrollment location shall maintain a log that records the results of the steps defined in the section Documented Procedure. It must be possible to reconcile enrollment activity against a list of authorized, operational EEs, together with any securely scrapped or in-repair units, so that the final destination of every successfully enrolled device identity is accounted for.
  2. Authorized and identified independent auditors shall have access to the secure environment in order to periodically supervise and inspect the ongoing procedures. Auditors shall not directly view or record any secret information such as private keys or random number seed values.