AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-03-07 · Documentation low

File: prescriptive-guidance/latest/strategy-matter-standard/security.md

Summary

Added details about Matter security framework enhancements including PSA-based crypto improvements, Distributed Compliance Ledger (DCL), Enhanced Multi-Admin capabilities with HRAP, and OTA update infrastructure improvements

Security assessment

Documents security features like blockchain-based compliance tracking, multi-admin security contexts, and crypto improvements. While it strengthens security documentation, there's no evidence of addressing a specific existing vulnerability.

Diff

diff --git a/prescriptive-guidance/latest/strategy-matter-standard/security.md b/prescriptive-guidance/latest/strategy-matter-standard/security.md
index 58c195ffe..d262381a8 100644
--- a//prescriptive-guidance/latest/strategy-matter-standard/security.md
+++ b//prescriptive-guidance/latest/strategy-matter-standard/security.md
@@ -7 +7 @@ Device authenticationEncrypted communicationOver-the-air updates
-# Security
+# Security considerations for the Matter standard
@@ -10,0 +11,2 @@ Device authenticationEncrypted communicationOver-the-air updates
+As of Matter version 1.5, the security framework has been continuously strengthened through multiple releases. Matter 1.4.2 (June 2025) introduced PSA-based crypto improvements, enhancing the security foundation. The Connectivity Standards Alliance (CSA), which oversees the Matter standard, maintains a dedicated Vulnerability Reporting Program to manage security disclosures for its protocols.
+
@@ -14,0 +17,2 @@ Matter devices must authenticate themselves to each other and to a controller be
+The CSA maintains a list of authorized Product Attestation Authorities (PAAs) and publishes them through the Distributed Compliance Ledger (DCL). The DCL is a blockchain-based system that provides transparent, tamper-proof records of certified devices and trusted certificate authorities. Manufacturers can apply to become PAAs or work with existing authorized PAAs to provision their devices. The DCL also supports Observer Nodes that stakeholders can use to monitor the certification ecosystem.
+
@@ -18,0 +23,2 @@ After the device is granted access to the Matter fabric, all data passed between
+Matter version 1.4 introduced Enhanced Multi-Admin capabilities with Home Router Access Protocol (HRAP). This improved security for scenarios where devices are controlled by multiple ecosystems simultaneously. This enhancement ensures that credential sharing and access control remain secure even when a device participates in multiple Matter fabrics. Each fabric maintains its own security context, preventing compromise in one ecosystem from affecting others.
+
@@ -22,0 +29,2 @@ The Matter standard also requires devices to implement a robust security posture
+Matter version 1.4.2 (June 2025) introduced significant improvements to the OTA update infrastructure, including better transport reliability and enhanced testing frameworks. These improvements have made OTA updates more robust and reliable in production deployments. However, manufacturers should note that Matter's OTA mechanism has limitations regarding sequential updates and rollback capabilities. For devices that require fine-grained update control, fleet management, or A/B testing of firmware, manufacturers may need to supplement Matter's OTA with direct cloud connectivity to their own update infrastructure.
+