Hardware security modules allow you to increase the protection of the CA’s private key to meet Federal Information Processing Standard (FIPS) 140-2 level 2 and level 3 security. A FIPS 140-2 level 3 device protects the CA’s private key by providing two features:
The cryptographic device is tamper evident. The cryptographic store within an HSM is typically coated with an epoxy layer, so that any attempt to access the cryptographic store is indicated in the epoxy layer.
If an attempt to compromise the cryptographic store on the HSM takes place, the data stored on the cryptographic store—namely the private key—is destroyed, which protects the private key from compromise.
The FIPS 140-2 document that defines the security ...