AWS Security ChangesHomeSearch

AWS filegateway medium security documentation change

Service: filegateway · 2025-06-19 · Security-related medium

File: filegateway/latest/files3/security-strategy.md

Summary

Changed 'Mandatory encryption' to 'Enforce AES256 encryption' in SMBv3 configuration documentation

Security assessment

The terminology change emphasizes AES256 enforcement, closing potential ambiguity about allowed encryption strength. This directly strengthens cryptographic requirements for sensitive data environments.

Diff

diff --git a/filegateway/latest/files3/security-strategy.md b/filegateway/latest/files3/security-strategy.md
index 95560a2d4..b24aa4959 100644
--- a//filegateway/latest/files3/security-strategy.md
+++ b//filegateway/latest/files3/security-strategy.md
@@ -25 +25 @@ A higher security strategy level can affect performance of the gateway.
-     * **Mandatory encryption** – If you choose this option, S3 File Gateway only allows connections from SMBv3 clients that use 256-bit AES encryption algorithms. 128-bit algorithms are not allowed. This option is recommended for environments that handle sensitive data. It works with all current SMB clients on Microsoft Windows.
+     * **Enforce AES256 encryption** – If you choose this option, S3 File Gateway only allows connections from SMBv3 clients that use 256-bit AES encryption algorithms. 128-bit algorithms are not allowed. This option is recommended for environments that handle sensitive data. It works with all current SMB clients on Microsoft Windows.