Thales banner

Luna General Purpose HSMs

Thales is the leading provider of general purpose hardware security modules (HSMs) worldwide. Our Thales Luna HSM product family represents the highest-performing, most secure and easiest-to-integrate HSM solution available on the market today.

Luna HSMs are purposefully designed to provide a balance of security, high performance and usability that makes them an ideal choice for enterprise, financial and government organisations.

What is a Hardware Security Module?

2024 Thales Data Threat Report

Global Edition

2024 Thales Data Threat Report

Read more about Navigating New Threats and Overcoming Old Challenges


Get Your Copy Today
Luna Network HSM

Luna Network HSM

Luna Network HSM, a network-attached hardware security module, provides high assurance protection for encryption keys used by applications in on-premise, virtual and cloud environments.

Luna PCIe HSM

Luna PCIe HSM

Luna PCIe HSM, an embedded PCI-E hardware security module, provides cryptographic acceleration and high-assurance protection for encryption keys and is widely used by governments, financial institutions and large enterprises.

Luna USB HSM

Luna USB HSM

Luna USB HSM delivers industry leading key management in a portable appliance. The USB form factor makes this HSM an ideal option for offline key storage.

crypto command centre

Crypto Command Centre

With Crypto Command Centre, organisations can establish centralised, HSM-as-a-Service deployments that leverage Thales's market leading Luna Network HSM.

Luna Cloud HSM Services

Luna Cloud HSM Services

With Luna Cloud HSM services on the Thales Data Protection on Demand (DPoD) cloud marketplace, organisations can leverage a fully managed HSM as a service to store and manage cryptographic keys, establishing a common root of trust across all applications and services, while retaining complete control of their keys at all times.

Luna Backup HSM Solutions

Luna Backup HSM Solutions

Luna Backup HSM Solutions Thales offers flexible options to help maintain business continuity, with offline backup HSM and cloud backup HSM solutions that follow security best practices by maintaining keys in hardware throughout their lifecycle, protecting those keys even when not in use and reducing the attack surface.

Luna HSM features & benefits:

Defence in depth: keys in hardware

Cryptography is only as strong as the security afforded to your cryptographic keys. Luna HSMs are designed with the highest key security in mind.

With our unique keys-in-hardware approach, cryptographic keys are securely isolated inside the tamper-resistant hardware of the HSM. Applications communicate with the keys stored in the Luna HSM via a client – but keys never leave the HSM.

Flexibility for the next generation of PKI

With an unparalleled combination of features — including central key and policy management, robust encryption support, flexible integration and more – Luna Hardware Security Modules enable organisations to guard against evolving threats and capitalise on the emerging opportunities presented in technological advances.

FIPS 140, Common Criteria and eIDAS validation

Achieving FIPS validation and Common Criteria certification can be a lengthy process for each product certified. As our sole focus is security, we make third-party certifications a priority. Our team has years of experience in designing products that adhere to FIPS, Common Criteria and many other 3rd party product security assurance schemes. Our Luna HSMs are accredited as follows:

Thales Luna HSM 7 (PCIe and network) security certifications:

  • FIPS 140-2 level 3 validated – password and multi-factor (PED)
  • FIPS 140-3 Level 3 Validated – Password and Multi-Factor (PED)
  • Common Criteria EAL4+ (AVA_VAN.5 and ALC_FLR.2) certified against the protection profile EN 419 221-5
  • Listed as Qualified Signature or Seal Creation Device (QSCD for either remote or local signing as part of an eIDAS compliant deployment)
  • NIST SP 800-90 A/B/C certified
  • AIS 20/31 compliant to DRG.4
  • Singapore NITES certified
  • Brazil INMETRO approved (formerly ITI)
  • NATO approved for use up to Restricted
  • Other regional certifications (ask your local Thales representative)

Thales Luna backup HSM

  • FIPS 140-3 level 3 (validation in process)

Thales Luna USB HSM

  • FIPS 140-3 level 3 (validation in process)

Secure remote management and activation

Today, organisations depend on IT infrastructure that is spread across the globe. Activating, managing and administering HSMs across many decentralised data centres could be a time consuming and costly process.

With Thales’s two-factor authenticated Remote PIN Entry Device (PED), Luna HSMs can be securely managed and administered remotely. Luna HSMs also benefit from secure transport mode, a feature which allows HSMs to be placed in a locked state to ensure key material is secure and untampered as it travels to a data centre or remote office.

Flexible deployment options

Luna HSMs can be deployed on-premises, in the cloud, as a service or across multiple environments to create a purpose-built hybrid HSM solution ensuring the:

  • Flexibility to meet your business and compliance needs securely and efficiently;
  • Ability to move keys freely for cloning, backup and scaling between environments as well as migrating environments in the future;
  • Key material can be shared automatically across all environments.
Risk Management Strategies for Digital Processes - White Paper

Risk Management Strategies for Digital Processes with HSMs - White Paper

An Anchor of Trust in a Digital World Business and governmental entities recognize their growing exposure to, and the potential ramifications of, information incidents, such as: Failed regulatory audits Fines Litigation Breach notification costs Market set-backs Brand...