Display warnings for unsecured issuance

Yes

Displays a warning on the login screen if the system is not securely configured and an attempt is made to issue credentials.

Review the System Security Checklist before disabling this option, and ensure that your system is configured appropriately according to the guidance provided and your own security policy. See the Securing Devices section in the System Security Checklist guide for details.

Enable Customer GlobalPlatform Keys

Yes

Whether the installation supports Java applets. If you do not have this option set, you will be unable to write customer GlobalPlatform keys to your cards.

See section 7.2, Enabling GlobalPlatform keys.

Manage PIV 9E key on supported devices

No

Updates the PIV 9E Key, if it is supported by the device. The card symmetric 9E key is diversified from the 9B Master Key, and is changed to the customer master key during card issuance, and using the factory master key when the card is erased.

Set this option to Yes to update the PIV 9E key on supported devices during issuance and erasure. Set this option to No to prevent any attempt to update the PIV 9E key on issuance or erasure.

Require Random Security Officer PIN

Yes

If this is set to Yes but the Security Officer PIN Type is set to Factory, cards cannot be issued.

Security Officer PIN Type

Random

Random – Generate a random SOPIN and set it on the card to be initialized (higher security).

Factory – Leave the default SOPIN on the card (low security).

Show all devices

No

When set to No, restricts the list of devices on this page to the smart cards known to support GlobalPlatform or PIV 9B keys.

When set to Yes, displays all devices known to MyID.