This page was not yet optimized for use on mobile
devices.
AWS Key Management Service HSM
Certificate #4884
Webpage information
Security policy
Symmetric Algorithms
AES, AES-256, AES-, HMACAsymmetric Algorithms
RSA 2048, RSA-OAEP, ECDH, ECDSA, ECC, Diffie-Hellman, DHHash functions
SHA-1, SHA2Schemes
MAC, Key AgreementRandomness
DRBG, RNGElliptic Curves
P-256, P-384, P-521, secp256k1Block cipher modes
ECB, CBC, CTR, GCMTrusted Execution Environments
PSPSecurity level
Level 3, Level 1Side-channel analysis
physical tamperingStandards
FIPS 140-3, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, SP 800-38A, SP 800-38D, SP 800-38F, SP 800-90A, SP 800-108, SP 800-90B, SP 800-56B, SP 800-90, SP 800-56A, NIST SP 800-90B, ISO/IEC 24759File metadata
| Author | Kelvin Yiu |
|---|---|
| Creation date | D:20241025105050-07'00' |
| Modification date | D:20241025105050-07'00' |
| Pages | 71 |
| Creator | Microsoft® Word for Microsoft 365 |
| Producer | Microsoft® Word for Microsoft 365 |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates Feed
-
The certificate data changed.
-
The certificate data changed.
-
The certificate data changed.
-
The certificate was first processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4884,
"dgst": "9326acebbb07fdc5",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"HMAC-SHA2-256A1908",
"KDA OneStep Sp800-56Cr1A1908",
"RSA SigVer (FIPS186-4)A1908",
"ECDSA SigGen (FIPS186-4)A1908",
"HMAC-SHA-1A1908",
"HMAC-SHA2-384A1908",
"Counter DRBGA1908",
"RSA SigGen (FIPS186-4)A1908",
"ECDSA SigVer (FIPS186-4)A1908",
"RSA KeyGen (FIPS186-4)A1908",
"SHA2-512A1908",
"SHA-1A1908",
"AES-CTRA1908",
"AES-ECBA1908",
"RSA Signature PrimitiveA1908",
"AES-GCMA1908",
"KTS-IFCA1908",
"SHA2-256A1908",
"RSA Decryption PrimitiveA1908",
"SHA2-384A1908",
"KAS-ECC Sp800-56Ar3A1908",
"HMAC-SHA2-512A1908",
"KDF SP800-108A1910",
"ECDSA KeyVer (FIPS186-4)A1908",
"AES-CBCA1908",
"AES-KWPA1908",
"Conditioning Component AES-CBC-MAC SP800-90BA1791",
"ECDSA KeyGen (FIPS186-4)A1908"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"3.0",
"1.8.104"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 11
},
"ECDH": {
"ECDH": 11
},
"ECDSA": {
"ECDSA": 48
}
},
"FF": {
"DH": {
"DH": 1,
"Diffie-Hellman": 1
}
},
"RSA": {
"RSA 2048": 7,
"RSA-OAEP": 3
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 3
},
"CTR": {
"CTR": 40
},
"ECB": {
"ECB": 4
},
"GCM": {
"GCM": 46
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {
"KA": {
"Key Agreement": 26
},
"MAC": {
"MAC": 4
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-256": 22,
"P-384": 24,
"P-521": 16,
"secp256k1": 6
}
},
"eval_facility": {},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES key (256": 1,
"AES-256": 1,
"HMAC-SHA1": 2,
"HMAC-SHA1-96": 1,
"RSA 2048": 7,
"SHA-1": 4,
"SHA2": 18,
"SHA2-256": 15,
"SHA2-384": 8,
"SHA2-512": 10
}
},
"fips_security_level": {
"Level": {
"Level 1": 1,
"Level 3": 2
}
},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 4
},
"SHA2": {
"SHA2": 18
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 64
},
"RNG": {
"RNG": 1
}
},
"side_channel_analysis": {
"FI": {
"physical tampering": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-3": 11,
"FIPS 180-4": 1,
"FIPS 186-4": 2,
"FIPS 197": 1,
"FIPS 198-1": 1
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"NIST SP 800-90B": 1,
"SP 800-108": 4,
"SP 800-38A": 1,
"SP 800-38D": 3,
"SP 800-38F": 3,
"SP 800-56A": 1,
"SP 800-56B": 2,
"SP 800-90": 1,
"SP 800-90A": 3,
"SP 800-90B": 3
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 105,
"AES-": 1,
"AES-256": 1
}
},
"constructions": {
"MAC": {
"HMAC": 14
}
}
},
"tee_name": {
"AMD": {
"PSP": 4
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "Kelvin Yiu",
"/CreationDate": "D:20241025105050-07\u002700\u0027",
"/Creator": "Microsoft\u00ae Word for Microsoft 365",
"/ModDate": "D:20241025105050-07\u002700\u0027",
"/Producer": "Microsoft\u00ae Word for Microsoft 365",
"pdf_file_size_bytes": 823150,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://docs.aws.amazon.com/kms/latest/APIReference/Welcome.html"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 71
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_json_hash": null,
"policy_pdf_hash": "cdd79043cc27890665e559456cec7b010c3d05c7370090181178e6adaee9fdbb",
"policy_txt_hash": "1b8ac0e24014ee58e70a061ca94b97ae71c2722ed3050509f79745263dbfb3b6"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs",
"certificate_pdf_url": null,
"date_sunset": "2026-11-17",
"description": "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Operational environment: N/A",
"Non-invasive security: N/A",
"Mitigation of other attacks: N/A"
],
"fw_versions": "1.8.104",
"historical_reason": null,
"hw_versions": "3.0",
"level": 3,
"mentioned_certs": {},
"module_name": "AWS Key Management Service HSM",
"module_type": "Hardware",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": null,
"tested_conf": null,
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-11-18",
"lab": "Acumen Security",
"validation_type": "Initial"
}
],
"vendor": "Amazon Web Services, Inc.",
"vendor_url": "https://aws.amazon.com/kms/"
}
}