This page was not yet optimized for use on mobile devices.
AWS-LC Cryptographic Module (dynamic)
Certificate #4759
Webpage information
Security policy
Symmetric Algorithms
AES, AES-128, AES-192, AES-, AES-256, CAST, HMAC, CMACAsymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-HellmanHash functions
SHA-1, SHA-256, SHA-3, MD4, MD5, RIPEMD-160, PBKDF2, PBKDFSchemes
MACProtocols
SSH, TLS, TLS 1.2, TLS 1.3, TLS 1.0Randomness
DRBG, RNGElliptic Curves
P-224, P-256, P-384, P-521, secp256k1Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSTrusted Execution Environments
PSP, SSCSecurity level
Level 1Side-channel analysis
timing attacksStandards
FIPS 2, FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 186-5, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS140-3, FIPS180-4, FIPS186-4, FIPS186-5, FIPS197, FIPS198-1, SP 800-132, SP 800-38A, SP 800-38E, SP 800-38F, SP 800-38C, SP 800-38D, PKCS#1, RFC 7627, RFC5288, RFC8446, RFC 4253, RFC 6668, RFC 5288, ISO/IEC 24759File metadata
| Title | FIPS 140-3 Non-Proprietary Security Policy |
|---|---|
| Author | gburlea |
| Creation date | D:20240813165130+00'00' |
| Modification date | D:20240813165130+00'00' |
| Pages | 44 |
| Creator | Microsoft Word |
Heuristics
No heuristics are available for this certificate.
References
No references are available for this certificate.
Updates
-
08.09.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The validation_history property was updated.
-
24.02.2025 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The exceptions property was updated.
-
09.09.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf.
- The certificate_pdf_url property was set to
-
19.08.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name AWS-LC Cryptographic Module (dynamic) was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4759,
"dgst": "e0a19cbdac9fda12",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"ECDSA SigVer (FIPS186-5)A4508",
"AES-GCMA4504",
"KDF SSHA4508",
"AES-CBCA4501",
"SHA2-256A4508",
"KDA HKDF Sp800-56Cr1A4508",
"AES-CTRA4501",
"AES-CCMA4501",
"AES-KWA4501",
"RSA KeyGen (FIPS186-5)A4508",
"AES-KWPA4501",
"HMAC-SHA2-512/256A4508",
"RSA SigGen (FIPS186-5)A4508",
"AES-GMACA4504",
"HMAC-SHA2-224A4508",
"AES-XTS Testing Revision 2.0A4501",
"ECDSA SigGen (FIPS186-5)A4508",
"Counter DRBGA4501",
"SHA2-512/256A4508",
"AES-CMACA4501",
"RSA SigVer (FIPS186-5)A4508",
"ECDSA KeyGen (FIPS186-5)A4508",
"AES-ECBA4504",
"SHA2-384A4508",
"HMAC-SHA2-384A4508",
"PBKDFA4508",
"ECDSA SigVer (FIPS186-4)A4508",
"HMAC-SHA-1A4508",
"SHA2-512A4508",
"KAS-ECC-SSC Sp800-56Ar3A4508",
"HMAC-SHA2-256A4508",
"KDF TLSA4508",
"ECDSA KeyVer (FIPS186-5)A4508",
"HMAC-SHA2-512A4508",
"SHA-1A4508",
"SHA2-224A4508",
"RSA SigVer (FIPS186-4)A4507"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 2
},
"ECDSA": {
"ECDSA": 20
}
},
"FF": {
"DH": {
"Diffie-Hellman": 1
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CCM": {
"CCM": 5
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 3
},
"ECB": {
"ECB": 3
},
"GCM": {
"GCM": 17
},
"OFB": {
"OFB": 2
},
"XTS": {
"XTS": 10
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 13
},
"TLS": {
"TLS": {
"TLS": 52,
"TLS 1.0": 1,
"TLS 1.2": 10,
"TLS 1.3": 6
}
}
},
"crypto_scheme": {
"MAC": {
"MAC": 7
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 18,
"P-256": 28,
"P-384": 14,
"P-521": 20,
"secp256k1": 4
}
},
"eval_facility": {
"atsec": {
"atsec": 47
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES 256": 2,
"AES- 256": 1,
"AES-128": 2,
"AES-192": 2,
"AES-256": 2,
"HMAC- SHA-256": 1,
"HMAC-SHA-1": 8,
"HMAC-SHA-3": 2,
"HMAC-SHA1": 2,
"PKCS#1": 10,
"SHA-1": 16,
"SHA-1 and 1024": 1,
"SHA-256": 1,
"SHA-3": 4,
"SHA2- 224": 4,
"SHA2- 256": 2,
"SHA2- 384": 1,
"SHA2-224": 8,
"SHA2-256": 25,
"SHA2-384": 12,
"SHA2-512": 17
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"MD": {
"MD4": {
"MD4": 2
},
"MD5": {
"MD5": 4
}
},
"PBKDF": {
"PBKDF": 9,
"PBKDF2": 8
},
"RIPEMD": {
"RIPEMD-160": 3
},
"SHA": {
"SHA1": {
"SHA-1": 17
},
"SHA2": {
"SHA-256": 1
},
"SHA3": {
"SHA-3": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 22
},
"RNG": {
"RNG": 3
}
},
"side_channel_analysis": {
"SCA": {
"timing attacks": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-3": 51,
"FIPS 180-4": 1,
"FIPS 186-4": 6,
"FIPS 186-5": 15,
"FIPS 197": 10,
"FIPS 198-1": 1,
"FIPS 2": 7,
"FIPS PUB 140-3": 2,
"FIPS140-3": 1,
"FIPS180-4": 1,
"FIPS186-4": 1,
"FIPS186-5": 1,
"FIPS197": 1,
"FIPS198-1": 1
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-132": 6,
"SP 800-38A": 2,
"SP 800-38C": 2,
"SP 800-38D": 1,
"SP 800-38E": 1,
"SP 800-38F": 2
},
"PKCS": {
"PKCS#1": 5
},
"RFC": {
"RFC 4253": 1,
"RFC 5288": 1,
"RFC 6668": 1,
"RFC 7627": 5,
"RFC5288": 1,
"RFC8446": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 45,
"AES-": 4,
"AES-128": 2,
"AES-192": 2,
"AES-256": 2
},
"CAST": {
"CAST": 12
}
},
"constructions": {
"MAC": {
"CMAC": 3,
"HMAC": 14
}
}
},
"tee_name": {
"AMD": {
"PSP": 6
},
"IBM": {
"SSC": 2
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "gburlea",
"/CreationDate": "D:20240813165130+00\u002700\u0027",
"/Creator": "Microsoft Word",
"/ModDate": "D:20240813165130+00\u002700\u0027",
"/Title": "FIPS 140-3 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 639803,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf",
"http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"http://www.ietf.org/rfc/rfc3447.txt",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
"http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
"http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
"http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
"http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
"http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 44
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "c10681ea2c33c7284deb4e69c6387c56adaf2cfb03bfcabf7ab6ebff9f8b7c0c",
"policy_txt_hash": "c2204879060635a9668e2612224724108fded69aaf046081db72c13964fd8ee8"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
"date_sunset": "2026-08-13",
"description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It \u0456s based on code from the Google BoringSSL project and the OpenSSL project.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "AWS-LC Cryptographic Module (dynamic)",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "AWS-LC FIPS 2.0.0",
"tested_conf": [
"Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
"Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
"Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
"Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA",
"Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
"Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
"Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
"Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA",
"Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
"Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
"Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
"Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-08-14",
"lab": "atsec information security corporation",
"validation_type": "Initial"
}
],
"vendor": "Amazon Web Services Inc.",
"vendor_url": "http://aws.amazon.com"
}
}