AWS kms medium security documentation change
Summary
Added documentation for ML-DSA KMS keys as a post-quantum cryptography standard
Security assessment
Explicitly documents ML-DSA as a quantum-resistant algorithm, addressing long-term cryptographic security needs. This represents a security feature addition to counter quantum computing threats.
Diff
diff --git a/kms/latest/developerguide/symmetric-asymmetric.md b/kms/latest/developerguide/symmetric-asymmetric.md index f502ffb17..1e2951710 100644 --- a//kms/latest/developerguide/symmetric-asymmetric.md +++ b//kms/latest/developerguide/symmetric-asymmetric.md @@ -28,0 +29,7 @@ For technical details about the signing algorithms that AWS KMS supports for ECC +**ML-DSA KMS keys** + + +A KMS key with an ML-DSA key pair for signing and verification. ML-DSA is a post-quantum cryptography standard developed by the US National Institute of Standards and Technology (NIST) to protect against the security threats posed by quantum computing. ML-DSA is the recommended digital signature algorithm for organizations transitioning from RSA or Elliptic Curve digital signature algorithms to post-quantum safe cryptography. + +AWS KMS supports several key lengths for different security requirements. For technical details about the signing algorithms that AWS KMS supports for ML-DSA KMS keys, see [ML-DSA key spec](./symm-asymm-choose-key-spec.html#key-spec-mldsa). +