With a long history of securing the private key of Certified Authorities, HSMs are a perfect fit into every CSfC solution that uses CAs. Use of an HSM to secure the CA private keys is not only identified as a best-practice, it is specifically required per the CSfC Key Management Requirements Annex. Due to the separation requirements, each CA used a dedicated HSM to hold its private key. This is illustrated in the following diagram from the CSfC Key Management Requirements Annex, modified to show the location of an HSM with each CA.
Download this solution brief to learn more.