What he means is, your security considerations here must come from some perceived threat. What kind of threat do you forsee that requires this high level of security?
Usually when you consider security you start with a threat model, describing the scenarios you want to protect your systems from. And based on that you decide the necessary technical security measures that are relevant.
Several countries have this, across device types. It works great.