AWS kms documentation change
Summary
Updated HSM validation standard from FIPS 140-2 to FIPS 140-3
Security assessment
Documents compliance with newer FIPS 140-3 security standards for HSMs, indicating enhanced security certifications but not addressing a specific vulnerability.
Diff
diff --git a/kms/latest/cryptographic-details/intro.md b/kms/latest/cryptographic-details/intro.md index f3885226d..13fed14f6 100644 --- a//kms/latest/cryptographic-details/intro.md +++ b//kms/latest/cryptographic-details/intro.md @@ -9 +9 @@ AWS Key Management Service (AWS KMS) provides a web interface to generate and ma -AWS KMS includes a web interface through the AWS Management Console, command line interface, and RESTful API operations to request cryptographic operations of a distributed fleet of FIPS 140-2 validated hardware security modules (HSMs)[[1](./kms-bibliography.html#fips-hsms)]. The AWS KMS HSM is a multichip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of AWS KMS. You can establish your own HSM-based cryptographic hierarchy under keys that you manage as AWS KMS keys. These keys are made available only on the HSMs and only in memory for the necessary time needed to process your cryptographic request. You can create multiple KMS keys, each represented by its key ID. Only under AWS IAM roles and accounts administered by each customer can customer KMS keys be created, deleted, or used to encrypt, decrypt, sign, or verify data. You can define access controls on who can manage and/or use KMS keys by creating a policy that is attached to the key. Such policies allow you to define application-specific uses for your keys for each API operation. +AWS KMS includes a web interface through the AWS Management Console, command line interface, and RESTful API operations to request cryptographic operations of a distributed fleet of FIPS 140-3 validated hardware security modules (HSMs)[[1](./kms-bibliography.html#fips-hsms)]. The AWS KMS HSM is a multichip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of AWS KMS. You can establish your own HSM-based cryptographic hierarchy under keys that you manage as AWS KMS keys. These keys are made available only on the HSMs and only in memory for the necessary time needed to process your cryptographic request. You can create multiple KMS keys, each represented by its key ID. Only under AWS IAM roles and accounts administered by each customer can customer KMS keys be created, deleted, or used to encrypt, decrypt, sign, or verify data. You can define access controls on who can manage and/or use KMS keys by creating a policy that is attached to the key. Such policies allow you to define application-specific uses for your keys for each API operation.