AWS Key Management Service HSM

Certificate #4884

Webpage information

Status active
Validation dates 18.11.2024
Sunset date 17.11.2026
Standard FIPS 140-3
Security level 3
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat Interim validation. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs
Exceptions
  • Operational environment: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Description The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.
Version (Hardware) 3.0
Version (Firmware) 1.8.104
Vendor Amazon Web Services, Inc.
References

This certificate's webpage directly references 0 certificates; transitively, this expands into 0 certificates.

Security policy

Symmetric Algorithms
AES, AES-256, AES-, HMAC
Asymmetric Algorithms
RSA 2048, RSA-OAEP, ECDH, ECDSA, ECC, Diffie-Hellman, DH
Hash functions
SHA-1, SHA2
Schemes
MAC, Key Agreement
Randomness
DRBG, RNG
Elliptic Curves
P-256, P-384, P-521, secp256k1
Block cipher modes
ECB, CBC, CTR, GCM

Trusted Execution Environments
PSP

Security level
Level 3, Level 1
Side-channel analysis
physical tampering

Standards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-90A, SP 800-108, SP 800-90B, SP 800-56B, SP 800-90, SP 800-56A, NIST SP 800-90B, ISO/IEC 24759

File metadata

Author Kelvin Yiu
Creation date D:20241025105050-07'00'
Modification date D:20241025105050-07'00'
Pages 71
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • 18.11.2024 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name AWS Key Management Service HSM was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4884,
  "dgst": "9326acebbb07fdc5",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "RSA Decryption PrimitiveA1908",
        "KAS-ECC Sp800-56Ar3A1908",
        "Counter DRBGA1908",
        "SHA2-512A1908",
        "ECDSA KeyVer (FIPS186-4)A1908",
        "HMAC-SHA2-512A1908",
        "HMAC-SHA2-256A1908",
        "SHA-1A1908",
        "ECDSA SigGen (FIPS186-4)A1908",
        "SHA2-384A1908",
        "AES-ECBA1908",
        "RSA Signature PrimitiveA1908",
        "ECDSA SigVer (FIPS186-4)A1908",
        "KDA OneStep Sp800-56Cr1A1908",
        "ECDSA KeyGen (FIPS186-4)A1908",
        "HMAC-SHA2-384A1908",
        "HMAC-SHA-1A1908",
        "RSA SigGen (FIPS186-4)A1908",
        "RSA SigVer (FIPS186-4)A1908",
        "KDF SP800-108A1910",
        "RSA KeyGen (FIPS186-4)A1908",
        "Conditioning Component AES-CBC-MAC SP800-90BA1791",
        "AES-CBCA1908",
        "KTS-IFCA1908",
        "AES-CTRA1908",
        "AES-GCMA1908",
        "AES-KWPA1908",
        "SHA2-256A1908"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.8.104",
        "3.0"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 11
          },
          "ECDH": {
            "ECDH": 11
          },
          "ECDSA": {
            "ECDSA": 48
          }
        },
        "FF": {
          "DH": {
            "DH": 1,
            "Diffie-Hellman": 1
          }
        },
        "RSA": {
          "RSA 2048": 7,
          "RSA-OAEP": 3
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 3
        },
        "CTR": {
          "CTR": 40
        },
        "ECB": {
          "ECB": 4
        },
        "GCM": {
          "GCM": 46
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 26
        },
        "MAC": {
          "MAC": 4
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 22,
          "P-384": 24,
          "P-521": 16,
          "secp256k1": 6
        }
      },
      "eval_facility": {},
      "fips_cert_id": {},
      "fips_certlike": {
        "Certlike": {
          "AES key (256": 1,
          "AES-256": 1,
          "HMAC-SHA1": 2,
          "HMAC-SHA1-96": 1,
          "RSA 2048": 7,
          "SHA-1": 4,
          "SHA2": 18,
          "SHA2-256": 15,
          "SHA2-384": 8,
          "SHA2-512": 10
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 1": 1,
          "Level 3": 2
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 4
          },
          "SHA2": {
            "SHA2": 18
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 64
        },
        "RNG": {
          "RNG": 1
        }
      },
      "side_channel_analysis": {
        "FI": {
          "physical tampering": 1
        }
      },
      "standard_id": {
        "FIPS": {
          "FIPS 140-3": 11,
          "FIPS 180-4": 1,
          "FIPS 186-4": 2,
          "FIPS 197": 1,
          "FIPS 198-1": 1
        },
        "ISO": {
          "ISO/IEC 24759": 2
        },
        "NIST": {
          "NIST SP 800-90B": 1,
          "SP 800-108": 4,
          "SP 800-38A": 1,
          "SP 800-38D": 3,
          "SP 800-38F": 3,
          "SP 800-56A": 1,
          "SP 800-56B": 2,
          "SP 800-90": 1,
          "SP 800-90A": 3,
          "SP 800-90B": 3
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 105,
            "AES-": 1,
            "AES-256": 1
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 14
          }
        }
      },
      "tee_name": {
        "AMD": {
          "PSP": 4
        }
      },
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/Author": "Kelvin Yiu",
      "/CreationDate": "D:20241025105050-07\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20241025105050-07\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 823150,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://docs.aws.amazon.com/kms/latest/APIReference/Welcome.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 71
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "cdd79043cc27890665e559456cec7b010c3d05c7370090181178e6adaee9fdbb",
    "policy_txt_hash": "1b8ac0e24014ee58e70a061ca94b97ae71c2722ed3050509f79745263dbfb3b6"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "Interim validation. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs",
    "certificate_pdf_url": null,
    "date_sunset": "2026-11-17",
    "description": "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Operational environment: N/A",
      "Non-invasive security: N/A",
      "Mitigation of other attacks: N/A",
      "Documentation requirements: N/A",
      "Cryptographic module security policy: N/A"
    ],
    "fw_versions": "1.8.104",
    "historical_reason": null,
    "hw_versions": "3.0",
    "level": 3,
    "mentioned_certs": {},
    "module_name": "AWS Key Management Service HSM",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-3",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2024-11-18",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Amazon Web Services, Inc.",
    "vendor_url": "https://aws.amazon.com/kms/"
  }
}