Overview

Hardware security modules (HSMs) are network devices that store and generate cryptographic keys for use by applications on the network. An HSM is a highly secure device that uses standard protocols to ensure that the request is authenticated and that the key is transmitted securely. An HSM uses hardware to generate, store, and protect all the keys; this hardware is tamper resistant and will destroy the information before allowing a physical attack to succeed.

Why are they asking this?

An HSM provides the highest level of protection for cryptographic keys. If these keys were compromised, many other security controls would be negated. With these keys, an attacker could decrypt all the data protected by encryption. They want to ensure that the keys are protected to the highest level possible.

What do they expect?

They expect that an HSM is used to protect the cryptographic keys used in the environment. It is expected that the HSM is configured in a high availability configuration to ensure that the keys, and thus access to their data, are not lost in the event of a hardware failure of an HSM. The HSM needs to be configured properly to meet encryption standards and to allow access only to hosts that require use of the keys.