AWS Security ChangesHomeSearch

AWS privateca medium security documentation change

Service: privateca · 2025-04-16 · Security-related medium

File: privateca/latest/userguide/describe-CA.md

Summary

Updated FIPS compliance options and added note about HSM security standard enforcement

Security assessment

Explicitly documents enhanced FIPS 140-2 Level 3 HSM compliance for private key protection, which is a security control improvement

Diff

diff --git a/privateca/latest/userguide/describe-CA.md b/privateca/latest/userguide/describe-CA.md
index 9e079da40..076277c9e 100644
--- a//privateca/latest/userguide/describe-CA.md
+++ b//privateca/latest/userguide/describe-CA.md
@@ -77 +77,5 @@ You can use the ACM console or the AWS CLI to view detailed metadata about a pri
-     * **Key storage security standard** – Level of Federal Information Processing Standards conformance. Possible values are **FIPS 140-2 level 3 or higher** and **FIPS 140-2 level 3 or higher**. This parameter varies by AWS Region.
+     * **Key storage security standard** – Level of Federal Information Processing Standards (FIPS) conformance. You can choose from these values: **FIPS 140-2 level 2 or higher** , **FIPS 140-2 level 3 or higher** , and **CCPC Level 1 or higher**. This parameter varies by AWS Region.
+
+###### Note
+
+Starting January 26, 2023, AWS Private CA protects all CA private keys in non-China regions using hardware security modules (HSMs) that comply with FIPS PUB 140-2 Level 3.