AWS Security ChangesHomeSearch

AWS wellarchitected documentation change

Service: wellarchitected · 2025-10-10 · Documentation medium

File: wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md

Summary

Updated FIPS validation level from 140-2 to 140-3 for AWS KMS hardware security modules

Security assessment

Reflects updated compliance certification standards (FIPS 140-3 is newer), enhancing documentation about security controls but not directly patching a vulnerability.

Diff

diff --git a/wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md b/wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md
index 19a358cdd..1bda20b9a 100644
--- a//wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md
+++ b//wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md
@@ -32 +32 @@ Encryption of data at rest is a fundamental security control. To implement this
-AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-2 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text. 
+AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-3 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text.