An HSM (Hardware Security Module) is a physical device that generates, stores, and uses cryptographic keys in a tamper-resistant environment. Unlike software-based solutions, private keys never leave the HSM. HSMs meet rigorous certification standards such as FIPS 140-2/3 or Common Criteria. Typical use cases include TLS termination, signature creation, encryption, and PKI operations. For your ISMS, an HSM is relevant wherever the highest protection requirements for cryptographic keys apply. Cloud providers offer HSM-as-a-Service, simplifying operations without reducing the security level.