AWS mpa documentation change
Summary
Added AWS Payment Cryptography to the list of services that support Multi-party approval, specifically for protecting the import of root certificate public keys.
Security assessment
This change documents a security feature (Multi-party approval) for a specific service (AWS Payment Cryptography). It explains how the feature helps prevent a single individual from unilaterally establishing or changing the root of trust for cryptographic keys, which is a security control. It does not indicate a fix for a specific vulnerability.
Diff
diff --git a/mpa/latest/userguide/what-is.md b/mpa/latest/userguide/what-is.md index ef0b9aae0..3edff08ac 100644 --- a//mpa/latest/userguide/what-is.md +++ b//mpa/latest/userguide/what-is.md @@ -88,0 +89 @@ AWS service | Benefits of using with Multi-party approval | Protected operation +[AWS Payment Cryptography](https://aws.amazon.com/payment-cryptography) | As an AWS Payment Cryptography customer, you can use Multi-party approval to protect the import of root certificate public keys, which establish the trust anchor for subsequent key imports and exports using asymmetric key exchange such as TR-34. Requiring multi-party approval for this operation helps ensure that no single individual can unilaterally establish or change the root of trust for your AWS Payment Cryptography keys. | [`ImportKey`](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html) (with `RootCertificatePublicKey` key material) [`AssociateMpaTeam`](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_AssociateMpaTeam.html) [`DisassociateMpaTeam`](https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_DisassociateMpaTeam.html) | For more information, see [Multi-party approval for AWS Payment Cryptography](https://docs.aws.amazon.com/payment-cryptography/latest/userguide/mpa.html) in the _AWS Payment Cryptography User Guide_.