AWS Security ChangesHomeSearch

AWS kms medium security documentation change

Service: kms · 2025-06-16 · Security-related medium

File: kms/latest/developerguide/symmetric-asymmetric.md

Summary

Added documentation for ML-DSA KMS keys as a post-quantum cryptography standard

Security assessment

Explicitly documents ML-DSA as a quantum-resistant algorithm, addressing long-term cryptographic security needs. This represents a security feature addition to counter quantum computing threats.

Diff

diff --git a/kms/latest/developerguide/symmetric-asymmetric.md b/kms/latest/developerguide/symmetric-asymmetric.md
index f502ffb17..1e2951710 100644
--- a//kms/latest/developerguide/symmetric-asymmetric.md
+++ b//kms/latest/developerguide/symmetric-asymmetric.md
@@ -28,0 +29,7 @@ For technical details about the signing algorithms that AWS KMS supports for ECC
+**ML-DSA KMS keys**
+    
+
+A KMS key with an ML-DSA key pair for signing and verification. ML-DSA is a post-quantum cryptography standard developed by the US National Institute of Standards and Technology (NIST) to protect against the security threats posed by quantum computing. ML-DSA is the recommended digital signature algorithm for organizations transitioning from RSA or Elliptic Curve digital signature algorithms to post-quantum safe cryptography.
+
+AWS KMS supports several key lengths for different security requirements. For technical details about the signing algorithms that AWS KMS supports for ML-DSA KMS keys, see [ML-DSA key spec](./symm-asymm-choose-key-spec.html#key-spec-mldsa).
+