AWS Key Management Service HSM

Certificate #4523

Webpage information ?

Status active
Validation dates 19.05.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 3
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When installed, initialized and configured as specified in Section 3 of the Security Policy
Exceptions
  • Mitigation of Other Attacks: N/A
Description The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.
Version (Hardware) 3.0
Version (Firmware) 1.7.100, 1.7.102 and 1.7.103
Vendor Amazon Web Services, Inc.
References

This certificate's webpage directly references 0 certificates, transitively this expands into 0 certificates.

Security policy ?

Symmetric Algorithms
AES, HMAC, HMAC-SHA-256
Asymmetric Algorithms
RSA 4096, RSA 2048, RSA-OAEP, ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-256, SHA-384, SHA-512, SHA256
Schemes
MAC, Key Agreement
Randomness
DRBG, RNG
Elliptic Curves
P-256, P-384, P-521, curve P-384, secp256k1, secp384r1
Block cipher modes
ECB, CBC, CTR, GCM

Security level
Level 3

Standards
FIPS 140-2, FIPS 140, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, NIST SP 800-90A, SP 800-38D, SP 800-56B, SP 800-38F, SP 800-56A, SP 800-56C, SP 800-108, SP 800-90B, SP 800-90, PKCS#1, PKCS #1

File metadata

Creation date D:20230509105230-04'00'
Modification date D:20230509105230-04'00'
Pages 37
Creator Microsoft® Word for Microsoft 365
Producer Microsoft® Word for Microsoft 365

Heuristics ?

No heuristics are available for this certificate.

References ?

No references are available for this certificate.

Updates ?

  • 26.06.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4523,
  "dgst": "9e2f46c99a2188ab",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KBKDF#A1910",
        "AES#A1908",
        "KDA#A1908",
        "KTS#A1908",
        "KAS#A1908",
        "AES#A1791",
        "HMAC#A1908",
        "DRBG#A1791",
        "KTS-RSA#A1908",
        "DRBG#A1908",
        "ECDSA#A1908",
        "CVL#A1908",
        "RSA#A1908",
        "SHS#A1908"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.7.103",
        "1.7.100",
        "3.0",
        "1.7.102"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 4
          },
          "ECDSA": {
            "ECDSA": 15
          }
        },
        "FF": {
          "DH": {
            "DH": 2,
            "Diffie-Hellman": 4
          },
          "DSA": {
            "DSA": 1
          }
        },
        "RSA": {
          "RSA 2048": 6,
          "RSA 4096": 2,
          "RSA-OAEP": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CTR": {
          "CTR": 9
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 18
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 17
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 16,
          "P-384": 17,
          "P-521": 8,
          "curve P-384": 1,
          "secp256k1": 6,
          "secp384r1": 6
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128, 256": 1,
          "AES GCM 256": 7,
          "AES key ( 256": 1,
          "DRBG 128": 1,
          "DRBG 256": 1,
          "HMAC-SHA-256": 2,
          "PKCS #1": 2,
          "PKCS#1": 2,
          "RSA 2048": 6,
          "RSA 4096": 2,
          "SHA-1": 2,
          "SHA-256": 6,
          "SHA-384": 2,
          "SHA-512": 3,
          "SHA256": 1,
          "SHS 160": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 3": 2
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 2
          },
          "SHA2": {
            "SHA-256": 6,
            "SHA-384": 2,
            "SHA-512": 3,
            "SHA256": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 20
        },
        "RNG": {
          "RNG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 2,
          "FIPS 140-2": 18,
          "FIPS 180-4": 1,
          "FIPS 186-4": 4,
          "FIPS 197": 1,
          "FIPS 198-1": 1
        },
        "NIST": {
          "NIST SP 800-90A": 1,
          "SP 800-108": 3,
          "SP 800-38D": 1,
          "SP 800-38F": 1,
          "SP 800-56A": 1,
          "SP 800-56B": 4,
          "SP 800-56C": 1,
          "SP 800-90": 1,
          "SP 800-90B": 5
        },
        "PKCS": {
          "PKCS #1": 1,
          "PKCS#1": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 29
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 6,
            "HMAC-SHA-256": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20230509105230-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230509105230-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 821804,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://docs.aws.amazon.com/kms/latest/APIReference/Welcome.html",
          "http://aws.amazon.com/kms/",
          "http://csrc.nist.gov/groups/STM/cmvp/index.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 37
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "973f7c776965b98ae41b6cb5ff62529885f1daa292ad875b8e0932832733f1b4",
    "policy_txt_hash": "6f91a8c1e11ddde2353a58f9d73ea32622f4667a6a3e0d025997a7f5d7063e88"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "1.7.100, 1.7.102 and 1.7.103",
    "historical_reason": null,
    "hw_versions": "3.0",
    "level": 3,
    "mentioned_certs": {},
    "module_name": "AWS Key Management Service HSM",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-05-19",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Amazon Web Services, Inc.",
    "vendor_url": "https://aws.amazon.com/kms/"
  }
}