AWS wellarchitected documentation change
Summary
Updated FIPS validation level from 140-2 to 140-3 for AWS KMS hardware security modules
Security assessment
Reflects updated compliance certification standards (FIPS 140-3 is newer), enhancing documentation about security controls but not directly patching a vulnerability.
Diff
diff --git a/wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md b/wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md index 19a358cdd..1bda20b9a 100644 --- a//wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md +++ b//wellarchitected/latest/framework/sec_protect_data_rest_key_mgmt.md @@ -32 +32 @@ Encryption of data at rest is a fundamental security control. To implement this -AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-2 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text. +AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-3 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text.