AWS wellarchitected medium security documentation change
Summary
Updated FIPS 140-2 to FIPS 140-3 validation level for AWS KMS
Security assessment
Explicitly references updated FIPS 140-3 compliance, which is a security certification standard. This demonstrates ongoing adherence to latest security validation requirements for cryptographic modules.
Diff
diff --git a/wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md b/wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md index 6e911fa3f..b820d16f9 100644 --- a//wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md +++ b//wellarchitected/latest/security-pillar/sec_protect_data_rest_key_mgmt.md @@ -32 +32 @@ Encryption of data at rest is a fundamental security control. To implement this -AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-2 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text. +AWS offers the AWS Key Management Service (AWS KMS) to provide durable, secure, and redundant storage for AWS KMS keys. [Many AWS services integrate with AWS KMS](https://aws.amazon.com/kms/features/#integration) to support encryption of your data. AWS KMS uses FIPS 140-3 Level 3 validated hardware security modules to protect your keys. There is no mechanism to export AWS KMS keys in plain text.