For the Key Vault service, would it be possible to provide FIPS 140-2 Level 3 HSM?
Or at least allow the Key Vault service to proxy requests to/from a FIPS 140-2 Level 3 HSM. The main reason for this would be to allow the PaaS services that currently only consume KMS services from Key Vault to consume services from FIPS 140-2 Level 3 HSMs.
Or at least if only certified to Level 2, verify if tamper detection/response meet level 3 requirements/etc. so even if cannot certify to level 3, try to verify components of level 3 you can meet and document and share that info.
Support for HSM 1.3 is required by our financial service clients. We will be forced to use Amazon AWS if Microsoft does not offer this option.
required in financial services
Level 2 only meets some trust of the trust scheme requirements and fails to met others scheme requirements. Amazon AWS offers FIPS 140-2 Rod level 3 HSMs!