This page was not yet optimized for use on mobile
devices.
AWS Key Management Service HSM
Certificate #3617
Webpage information
Security policy
Symmetric Algorithms
AES, HMAC, HMAC-SHA-256Asymmetric Algorithms
RSA 2048, RSA 4096, RSA-OAEP, ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSAHash functions
SHA-1, SHA-256, SHA-384, SHA256, SHA-224, SHA-512Schemes
MAC, Key AgreementRandomness
DRBG, RNGElliptic Curves
P-256, P-384, P-521, NIST P-384, secp256k1, secp384r1Block cipher modes
ECB, CBC, CTR, GCMSecurity level
Level 2, Level 3Standards
FIPS 140-2, FIPS 140, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 186-2, FIPS 180-4, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-90A, SP 800-56A, SP 800-108, SP 800-56B, SP 800-133, SP 800-90, PKCS #1File metadata
| Author | Dan Sivertson |
|---|---|
| Creation date | D:20200522110546-04'00' |
| Modification date | D:20200522110546-04'00' |
| Pages | 38 |
| Creator | Microsoft® Word for Office 365 |
| Producer | Microsoft® Word for Office 365 |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 3617,
"dgst": "2e27bb07e506e982",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"KBKDF#133",
"KAS#122",
"HMAC#2987",
"DRBG#1487",
"CVL#1208",
"RSA#2464",
"AES#4527",
"ECDSA#1102",
"SHS#3708",
"CVL#1209"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"1.5.135",
"2.0",
"1.5.138"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 1
},
"ECDH": {
"ECDH": 1
},
"ECDSA": {
"ECDSA": 13
}
},
"FF": {
"DH": {
"DH": 2,
"Diffie-Hellman": 5
},
"DSA": {
"DSA": 1
}
},
"RSA": {
"RSA 2048": 5,
"RSA 4096": 1,
"RSA-OAEP": 1
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 2
},
"CTR": {
"CTR": 9
},
"ECB": {
"ECB": 3
},
"GCM": {
"GCM": 18
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {
"KA": {
"Key Agreement": 17
},
"MAC": {
"MAC": 1
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"NIST P-384": 1,
"P-256": 4,
"P-384": 13,
"P-521": 8,
"secp256k1": 5,
"secp384r1": 6
}
},
"eval_facility": {},
"fips_cert_id": {
"Cert": {
"#1": 1,
"Cert. 1209": 1
}
},
"fips_certlike": {
"Certlike": {
"AES 128, 256": 1,
"AES GCM 1487": 1,
"AES GCM 256": 7,
"AES key ( 256": 1,
"DRBG 256": 1,
"Diffie-Hellman (CVL Cert. 1209": 1,
"HMAC-SHA-256": 2,
"HMAC-SHA256": 4,
"PKCS #1": 2,
"RSA 2048": 5,
"RSA 4096": 1,
"SHA-1": 2,
"SHA-224": 2,
"SHA-256": 5,
"SHA-384": 3,
"SHA-512": 2,
"SHA256": 1
}
},
"fips_security_level": {
"Level": {
"Level 2": 1,
"Level 3": 2
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 2
},
"SHA2": {
"SHA-224": 2,
"SHA-256": 5,
"SHA-384": 3,
"SHA-512": 2,
"SHA256": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 20
},
"RNG": {
"RNG": 2
}
},
"side_channel_analysis": {},
"standard_id": {
"FIPS": {
"FIPS 140": 2,
"FIPS 140-2": 18,
"FIPS 180-4": 1,
"FIPS 186-2": 1,
"FIPS 186-4": 1,
"FIPS 197": 1,
"FIPS 198-1": 1
},
"NIST": {
"SP 800-108": 3,
"SP 800-133": 2,
"SP 800-38A": 1,
"SP 800-38D": 1,
"SP 800-38F": 2,
"SP 800-56A": 1,
"SP 800-56B": 3,
"SP 800-90": 2,
"SP 800-90A": 2
},
"PKCS": {
"PKCS #1": 1
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 26
}
},
"constructions": {
"MAC": {
"HMAC": 5,
"HMAC-SHA-256": 1
}
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Dan Sivertson",
"/CreationDate": "D:20200522110546-04\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Office 365",
"/ModDate": "D:20200522110546-04\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Office 365",
"pdf_file_size_bytes": 760675,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://docs.aws.amazon.com/kms/latest/APIReference/Welcome.html",
"http://aws.amazon.com/kms/",
"http://csrc.nist.gov/groups/STM/cmvp/index.html"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 38
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "9134c1fe919d6c536b48bcaf131fb059d9a0a0dcdc14f3b0b7206e26d9eedb1b",
"policy_txt_hash": "d1d1ce236baed1b500bb99db8df33e7a5d66cc2270c3a73867164937c339568e"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/February 2020_020320.pdf",
"date_sunset": null,
"description": "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Cryptographic Module Specification: Level 3",
"Roles, Services, and Authentication: Level 3",
"Physical Security: Level 3",
"Design Assurance: Level 3",
"Mitigation of Other Attacks: N/A"
],
"fw_versions": "1.5.135 and 1.5.138",
"historical_reason": "SP 800-56Arev3 transition",
"hw_versions": "2.0",
"level": 2,
"mentioned_certs": {},
"module_name": "AWS Key Management Service HSM",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-2",
"status": "historical",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2020-02-19",
"lab": "Acumen Security",
"validation_type": "Initial"
},
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2020-06-08",
"lab": "Acumen Security",
"validation_type": "Update"
}
],
"vendor": "Amazon Web Services, Inc.",
"vendor_url": "https://aws.amazon.com/kms/"
}
}