Initial state of the access control system

The initial state has an initial default role.

After you have loaded the CCA software support into Segment 3 of the coprocessor, or after the access control system is initialized, no access control data exists except for an initial default role that allows unauthenticated users to create and load access control data.

After creating the roles and profiles needed for your environment, including the supervisory roles necessary to load access control data and to manage cryptographic keys, remove all permissions that are assigned to the default role. Then, add only those permissions you want to grant to unauthenticated users.

Important: The cryptographic node and the data it protects are not secure while the default role is permitted to load access control data.