At least we have to provide this functionality: - PKCS#11 interface for key storage; - Support for AWS CloudHSM / Azure Dedicated HSM; - Key escrow and backup mechanisms; - HSM health monitoring.
At least we have to provide this functionality: