@mattschaer Thank you for the answer.
To be Compliant we need to use a Dedicated HSM Module. (CloudHSM – SafeNet, Inc , HSM Luna SA 7000-- ) and use this device for Cryptographic Operations (“All the operations”).
In the HSM we can do the following:
Act as the root of trust that protects the cryptographic key (Private Keys) lifecycle (Creation, Deployment, Backup, Rotation, Expiration, etc…)
This method ensures that your keys always benefit from both physical and logical protections
We can use the HSM for Cryptographic Support:
Full Suite B support
Asymmetric: RSA (1024-8192), DSA (1024-3072), Diffie-Hellman, KCDSA, Elliptic Curve Cryptography (ECDSA, ECDH, ECIES) with named, user-defined and Brainpool curves
Symmetric: AES, RC2, RC4, RC5, CAST, DES, Triple DES, ARIA, SEED
Hash/Message Digest/HMAC: SHA-1, SHA-2 (224-512), SSL3-MD5-MAC, SSL3-SHA-1-MAC, SM3
Random Number Generation: FIPS 140-2 approved DRBG (SP 800-90 CTR mode)
If DreamFactory do any of mentioned Cryptographic Operations (Session, API Key Genration, etc.). We will need to make these operations with the HSM.
Now We can integrate Apache (OpenSSL) with the HSM (http://www.safenet-inc.com/resources/integration-guide/data-protection/Apache_HTTP_Server_Integration_Guide_with_Luna_SA/?langtype=1033)
If i want use Dreamfactory. I need to prove that are compliance.
We use a Bitnami Image on AWS for Dreamfactory.
The Database is Oracle11g .- CloudHSM for Amazon RDS Oracle TDE enables Transparent Data Encryption, a standard feature of Oracle 11g, for encrypting the database in a way that is transparent to our applications.
Thank you in advance and sorry for my English.