AWS wellarchitected medium security documentation change
Summary
Updated FIPS 140-2 to FIPS 140-3 validation reference for AWS KMS
Security assessment
Reflects updated compliance with FIPS 140-3, a security-relevant standard for cryptographic modules.
Diff
diff --git a/wellarchitected/2025-02-25/framework/sec_protect_data_rest_key_mgmt.md b/wellarchitected/2025-02-25/framework/sec_protect_data_rest_key_mgmt.md index 5f00714b4..252e1b34a 100644 --- a//wellarchitected/2025-02-25/framework/sec_protect_data_rest_key_mgmt.md +++ b//wellarchitected/2025-02-25/framework/sec_protect_data_rest_key_mgmt.md @@ -32 +32 @@ Encryption of data at rest is a fundamental security control. To implement this -AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-2 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text. +AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-3 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text.