AWS payment-cryptography documentation change
Summary
Added reference to Physical Key Exchange for paper key components and removed suggestion to use third-party key custodians.
Security assessment
Promotes AWS-native Physical Key Exchange over third-party solutions, improving security posture by reducing external dependencies. No specific vulnerability is mentioned.
Diff
diff --git a/payment-cryptography/latest/userguide/keys-importexport.md b/payment-cryptography/latest/userguide/keys-importexport.md index 33bba86c7..2700deb33 100644 --- a//payment-cryptography/latest/userguide/keys-importexport.md +++ b//payment-cryptography/latest/userguide/keys-importexport.md @@ -9 +9 @@ -You can import AWS Payment Cryptography keys from other solutions and export them to other solutions, such as HSMs. Many customers exchange keys with service providers using import and export functionality. We designed AWS Payment Cryptography to use a modern, electronic approach to key management that helps you maintain compliance and controls. We recommend using standards-based electronic key exchange instead of paper-based key components. +You can import AWS Payment Cryptography keys from other solutions and export them to other solutions, such as HSMs. Many customers exchange keys with service providers using import and export functionality. We designed AWS Payment Cryptography to use a modern, electronic approach to key management that helps you maintain compliance and controls. We recommend using standards-based electronic key exchange instead of paper-based key components. If you need to continue processing paper key components until all partners support electronic key exchange, you can use [Physical Key Exchange](./keys-physicalkeyexchange.html). @@ -34,2 +33,0 @@ We recommend using [ANSI X9.24 TR-34](./terminology.html#terms.tr34) standard. T -If you need to continue processing paper key components until all partners support electronic key exchange, consider using an offline HSM or utilizing a 3rd party [key custodian as a service](./terminology.html#terms.kcaas). -