Posted On: May 24, 2023

AWS Key Management Service (KMS) announced today that the hardware security modules (HSMs) used in the service were awarded Federal Information Processing Standards (FIPS) 140-2 Security Level 3 certification from the U.S. National Institute of Standards and Technology (NIST). The FIPS 140 program validates areas related to the secure design and implementation of a cryptographic module, including the correctness of cryptographic algorithm implementations and tamper resistance/response. AWS KMS HSMs have been certified under FIPS 140-2 overall Security Level 2 continuously since 2017. This new certification gives customers assurance that all cryptographic operations involving their keys in AWS KMS happen within an HSM certified at FIPS 140-2 Security Level 3.

Security Level 3 certification can assist organizations seeking compliance with several industry and regulatory standards including: Federal Risk and Authorization Management Program (FedRAMP), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) Standards, the European Union’s General Data Protection Regulation (GDPR) and the International Organization for Standardization (ISO) 27001 Standard for security management best practices and comprehensive security controls.

The FIPS 140-2 Security Level 3 certified HSMs in AWS KMS are deployed in all commercial Regions, including the AWS GovCloud (US) Regions. China (Beijing) and China (Ningxia) Regions do not support the FIPS 140-2 Cryptographic Module Validation Program. AWS KMS uses OSCCA certified HSMs to protect KMS keys in China Regions. The certificate for the AWS KMS FIPS 140-2 Security Level 3 validation is available on the NIST Cryptographic Module Validation Program website here