AWS Security ChangesHomeSearch

AWS wellarchitected medium security documentation change

Service: wellarchitected · 2025-10-10 · Security-related medium

File: wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md

Summary

Updated FIPS 140-2 to FIPS 140-3 validation level for AWS KMS

Security assessment

Explicitly references updated FIPS 140-3 compliance, which is a security certification standard. This demonstrates ongoing adherence to latest security validation requirements for cryptographic modules.

Diff

diff --git a/wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md b/wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md
index 6e911fa3f..b820d16f9 100644
--- a//wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md
+++ b//wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md
@@ -32 +32 @@ Encryption of data at rest is a fundamental security control. To implement this
-AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-2 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text. 
+AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-3 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text.