AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-08-22 · Documentation medium

File: prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md

Summary

Added categorization of cryptographic algorithms into 'Preferred' and 'Acceptable' with explanatory text

Security assessment

The update clarifies security best practices by categorizing cryptographic algorithms, helping users prioritize secure configurations. While this enhances security guidance, there is no explicit mention of addressing a specific vulnerability or incident.

Diff

diff --git a/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md b/prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md
index f0258ced9..769e3be1f 100644
--- a//prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md
+++ b//prescriptive-guidance/latest/encryption-best-practices/aws-cryptography-services.md
@@ -38 +38,8 @@ AWS closely tracks cryptographic developments, security issues, and research res
-The following tables list recommended cryptographic algorithms and their status.
+The following tables summarize the cryptographic algorithms, ciphers, modes, and key sizes that AWS deploys across its services to protect your data. They should not be considered to be an exhaustive list of all cryptography options available in AWS. The algorithms fall into two categories:
+
+  * _Preferred_ algorithms meet the AWS security and performance standards.
+
+  * _Acceptable_ algorithms can be used for compatibility in some applications but are not preferred.
+
+
+