This checklist includes guidelines that help secure your key management system:

1. Install each KMA in a physically secure environment.
2. Secure the OpenBoot PROM on each KMA.
3. Secure the Lights Out Manager on each KMA.
4. Define the key split configuration for this Oracle Key Manager Cluster.
5. Set the autonomous unlock setting for each KMA as appropriate.
6. Define Oracle Key Manager users and their associated roles.
7. Practice the principle of least privilege.
   1. Grant each Oracle Key Manager user only those roles as needed.
8. Monitor activity on the Oracle Key Manager Cluster.
   1. Investigate any errors, especially Security Violations, that are logged in the Oracle Key Manager audit log.
9. Back up the core security when the key split configuration is initially defined and whenever the key split configuration is modified.
10. Perform Oracle Key Manager backups on a regular basis.
11. Store core security backup files and Oracle Key Manager backup files in a secure location.
12. Set the Export Format attribute of key transfer partners to v2.1 (FIPS) when key sharing is used.