AWS Security ChangesHomeSearch

AWS privateca medium security documentation change

Service: privateca · 2025-11-13 · Security-related medium

File: privateca/latest/userguide/create-CA.md

Summary

Added ML-DSA-44, ML-DSA-65, and ML-DSA-87 as key algorithm options

Security assessment

Introducing ML-DSA algorithms provides documentation for quantum-resistant cryptographic standards, a proactive security measure against future threats.

Diff

diff --git a/privateca/latest/userguide/create-CA.md b/privateca/latest/userguide/create-CA.md
index a8b5e931d..73a2e987e 100644
--- a//privateca/latest/userguide/create-CA.md
+++ b//privateca/latest/userguide/create-CA.md
@@ -81 +81,7 @@ Because the backing certificate is self-signed, the subject information that you
-  5. Under **Key algorithm options** , choose the key algorithm and the bit-size of the key. The default value is an RSA algorithm with a 2048-bit key length. You can choose from the following algorithms: 
+  5. Under **Key algorithm options** , choose the key algorithm and the algorithm strength. The default value is RSA 2048. You can choose from the following algorithms: 
+
+     * ML-DSA-44
+
+     * ML-DSA-65
+
+     * ML-DSA-87