HP Atalla is a trusted security vendor, with 35+ years
ofexperience in data protection, security, and
cryptographic performance. HP payment and data
security solutions meet the highest government and
nancial industry standards—including National
Institute of Standards and Technology (NIST), Payment
Card Industry Data Security Standard (PCI DSS), and
Health Insurance Portability and Accountability Act
of 1996 (HIPAA)/Health Information Technology for
Economic and Clinical Health Act (HITECH)—protect
sensitive data, and prevent fraud. HP Enterprise Secure
Key Manager (ESKM) and Atalla Network Security
Processor (NSP) provide robust security, high
performance, and transparency while ensuring
comprehensive, end-to-end network security.
Data sheet
HP Atalla Secure Conguration
Assistant-3
2
Data sh eet | HP Atalla S ecure Congurat ion
Assistant-3
Security and regulatory requirements dictate that at least two trusted individuals
participate in all key entry operations and approve all security-related changes. All too
often, thisrequirement results in carefully trained users standing in the data center, typing
in cryptographic key components, and navigating elaborate, non-intuitive menu trees in
an attempt to congure the HSM correctly. With more data centers moving to lights-out
operation and strict control of physical access to the data center, such a manual and
error-prone approach is unacceptable to most HP customers.
The HP Atalla Secure Conguration Assistant-3 (SCA-3) is a versatile tablet-based tool that
implements the well-regarded SCA-2 on an easy-to-read tablet platform. The SCA-3 still
enables security administrators to easily congure commands, dene parameters, calculate
cryptograms, and inject cryptographic keys into HP Atalla Network Security Processors
(NSPs) in a trusted manner. Now, an easy-to-use GUI with natural event and decision ow
is even more convenient to navigate on wider tablet screens thereby improving security
administrator user experience and productivity.
The Atalla SCA-3 can be directly or remotely connected to an Atalla NSP. Atalla SCA-3 security
administrator smart cards perform individual user authentication and support multiple
controls for Atalla NSP conguration. Atalla SCA-3 shareholder cards provide “L of M” quorum
control for quickly replicating and restoring Atalla NSP congurations on new or restored
NSP hardware.
Features and benets
Features at a glance:
• Tablet-based GUI saves time, enhances understanding, and facilitates entry accuracy.
• SCA-3 is fully backward compatible with SCA-2 based smart cards, as well as
olderAtallaAx150 and Ax160 NSP devices.
• Custom Atalla SCA-3 smart cards support identity-based authentication, encrypted
communication, and protected cryptographic key component storage.
• Atalla SCA-3 shareholder cards provide “L of M” quorum control for quick replication of
congurations on both local and remote Atalla NSPs.
• Intuitive GUI interface enables security administrators to congure an Atalla NSP with
minimal training.
The Atalla SCA-3 is based on a security-enhanced tablet, presenting an easy-to-use GUI
that saves time and reduces risk of data entry errors. The Federal Information Processing
Standard (FIPS) 140-2 level 3 evaluated Atalla SCA-3 smart card performs all cryptographic
functions and stores security-relevant data (for example, key components) to provide
customer data security.
Physical and logical security
The Atalla SCA-3 is manufactured with tamper-evident seals. Logical security features
include digital code signing to prevent unauthorized software execution. The custom
Atalla SCA-3 smart card has been certied to FIPS 140-2 level 3 requirements. Together,
the Atalla NSP and Atalla SCA-3 are leaders in meeting industry needs for end-to-end
protected key initialization.
Smart cards
Atalla SCA-3 smart cards are personalized to individual cardholders, such as security
administrators, IT managers, or executives. An organization denes its own security policy
by setting the minimum number of cardholders required to approve each type of security
action. Atalla SCA-3 uses public key cryptography to establish an encrypted channel with
the AtallaNSP. All subsequent communication between these devices is symmetrically
encrypted. Security associations are formed between the SCA-3 smart cards and the
Atalla NSP products they congure and manage.
3
Data sh eet | HP Atalla S ecure Congurat ion
Assistant-3
Physic al SCA-3 table t dimension s
(with expansion jacke t attached)
26.99 cm x 1.78 cm x 20.32 cm (10.63 in. x 0.7 in. x 8 in.); weight (with smart card reader): 1.07 kg (2.34 lb)
Physic al security admini strator smart card
jewel ki t dimension (with 3 car ds)
8.89 cm x 0.94 cm x 6.02 cm (3.5 in. x 0.37 in. x 2.37 in.); weight: 37 grams (1.3 oz.)
Physic al share smar t card
jewel ki t dimension (2 kits, each wit h 5 cards)
8.89 cm x 1.88 cm x 6.02 cm (3.5 in. x 0.74 in. x 2.37 in.); weight: 90.9 grams (3.2 oz.)
Processor Intel® Atom processor (1.8 GHz BFM)
Graphics Intel graphics media accelerator (533 MHz)
Memory 2 GB
Internal storage 32 GB
Standard features Docking station with AC adapter power and charger, USB smart card reader, serial adapter cable,
USB to serial interface cable, and serial null-modem cable.
Touch-screen display 10.1 in. diagonal, 1280 x 800 WXGA, LED backlit, red-green-blue (RGB) stripe, 0.1695 x 0.1695 pixel pitch
Input method Touch-sensitive display
Easy access buttons Power button, home button
Notication systems Audible feedback
Power supply 10 watt AC adapter, internal 2 cell (25 Wh) polymer battery, and recharging supplied through AC adapter
Operating environment Temperature: 0°C to 35°C (32°F to 95°F); relative humidity: 10% to 90%
Security Tamper seals on the back of the device. All cr yptographic operations occur within the smart cards.
Application upgrade Application is user-upgradable with HP Atalla security products supplied software
Ordering information
C8Z33AA HP Atalla Secure Conguration Assistant-3 (SCA-3) appliance
C8Z34AA HP Atalla SC A-3 Enh SW package of ten shareholder smart cards
C8Z35A A HP Atalla SCA-3 Enh SW package of three security administrator smart cards
AJ543A HP Atalla SCA-2 package of three security administrator smart cards
AJ542A HP Atalla SCA-2 package of ten shareholder smart cards
Impor tant Note: C8Z34AA and C8Z35AA smart cards will o nly work with the Atalla Secure Conguration Assistant-3. They can be used to initialize and
congure the Atalla Ax160 Network Security Processor models that are running Enhanced Software (version 2.0 or higher).
Technical specications
Rate this docu mentShare w ith colleag ues
Sign up for updates
hp.com/go/getupdated
HP ESP Global Services take a holistic approach
to building and operating cyber securit y and
response solutions and capabilities that support
the cyber threat management and regulatory
compliance needs of the world’s largest
enterprises. We use a combination of operational
expertise—yours and ours—and proven
methodologies to deliver fast, eective results
and demonstrate ROI. Our proven, use-case
driven solutions combine market-leading
technology together with sustainable business
and technical process executed by trained and
organized people.
Learn more about HP ESP Global Services at
hpenterprisesecurity.com.
Data sh eet | HP Atalla S ecure Congurat ion
Assistant-3
Flexible management with security administrator and
share smart cards
Atalla SCA-3 uses two types of custom smart cards to inject keys, enforce an organization’s
security policy, and manage Atalla NSP products.
Security administrator smart cards
• Enable users to initialize Atalla NSPs
• Set Atalla SCA-3 user policy
• Enable or disable Atalla NSP commands
• Calculate cryptogram
Share smart cards
• Provides exibility in support of customer business needs
• Initialize an Atalla NSP to a predened conguration set by security administrators only
• Can be distributed to local or remote operations sta
• Facilitate the operation of the Atalla NSP at remote locations or lights-out facilities
• Enables a subset of a security administrator sanctioned group (L of M) to bring up or restore
an NSP at remote locations or lights-out facilities
Key strengths
The Atalla SCA-3 supports single-length Data Encryption Standards (DES), 2-key and 3-key
triple DES, AES, public key cryptography, Atalla Key Block key management, and older
variant key management.
About HP Enterprise Security
HP is a leading provider of security and compliance solutions for the modern enterprise that
wants to mitigate risk in their hybrid environment and defend against advanced threats.
Based on market-leading products from HP ArcSight, HP Fortify, and HP TippingPoint, the
HP Security Intelligence Platform uniquely delivers the advanced correlation, application
protection, and network defenses to protect today’s hybrid IT infrastructure from
sophisticated cyber threats.
Learn more at
hp.com/go/atalla or hpenterprisesecurity.com
© Copyr ight 2013–2014 Hewlet t-Packa rd Developm ent Company, L.P. The infor mation contained h erein is subje ct to change withou t notice. The on ly
warrantie s for HP produc ts and serv ices are set for th in the expr ess warranty stat ements accom panying su ch product s and services. Not hing herein
shoul d be construe d as constituting an a dditional warra nty. HP shall not be liab le for technical or ed itorial errors or om issions cont ained herei n.
Intel is a t rademark o f Intel Corpo ration in the U .S. and other c ountries.
4AA 4-5073ENN, Fe bruary 2014, Rev. 2
Loading...