Ensuring the physical security of OneSpan Authentication Server

OneSpan Authentication Server is designed to be a critical infrastructure component, thus it is very important to restrict physical access to authorized personnel only. Physical security controls enable the protection of resources against unauthorized physical access and physical tampering.

While following your organization's security policy, we strongly recommend the following physical security controls:

• Allow only authorized users to physically access OneSpan Authentication Server. After installation, also authorized users only need limited access to OneSpan Authentication Server systems and components.
• Access to systems hosting OneSpan Authentication Server and/or its components should be physically secured, for example, in cabinets with tamper-evident physical locks or audited on-site access.
• Secure the server room hosting OneSpan Authentication Server and its components in such a way that it is only accessible by authorized personnel and audit that access.
• Use room locks that allow traceability and auditing.
• Minimize the number of people who have physical access to devices hosting OneSpan Authentication Server, server components, and instances of the OneSpan Authentication Server SDK and the OneSpan Authentication Server Authentication SDK.
• Employ strong access control and intrusion detection mechanisms where the product cabling, switches, servers, and storage hardware reside.
• Place tamperproof stickers on each server chassis and other hardware.