This page was not yet optimized for use on mobile devices.
AWS-LC Cryptographic Module (dynamic)
Certificate #4759
Webpage information ?
Security policy ?
Symmetric Algorithms
AES, AES-128, AES-192, AES-, AES-256, CAST, HMAC, CMACAsymmetric Algorithms
ECDH, ECDSA, ECC, Diffie-HellmanHash functions
SHA-1, SHA-256, SHA-3, MD4, MD5, RIPEMD-160, PBKDF2, PBKDFSchemes
MACProtocols
SSH, TLS, TLS 1.2, TLS 1.3, TLS 1.0Randomness
DRBG, RNGElliptic Curves
P-224, P-256, P-384, P-521, secp256k1Block cipher modes
ECB, CBC, CTR, CFB, OFB, GCM, CCM, XTSTrusted Execution Environments
PSP, SSCSecurity level
Level 1Side-channel analysis
timing attacksStandards
FIPS 2, FIPS 140-3, FIPS PUB 140-3, FIPS 197, FIPS 186-5, FIPS 186-4, FIPS 198-1, FIPS 180-4, FIPS140-3, FIPS180-4, FIPS186-4, FIPS186-5, FIPS197, FIPS198-1, SP 800-132, SP 800-38A, SP 800-38E, SP 800-38F, SP 800-38C, SP 800-38D, PKCS#1, RFC 7627, RFC5288, RFC8446, RFC 4253, RFC 6668, RFC 5288, ISO/IEC 24759File metadata
| Title | FIPS 140-3 Non-Proprietary Security Policy |
|---|---|
| Author | gburlea |
| Creation date | D:20240813165130+00'00' |
| Modification date | D:20240813165130+00'00' |
| Pages | 44 |
| Creator | Microsoft Word |
Heuristics ?
No heuristics are available for this certificate.
References ?
No references are available for this certificate.
Updates ?
-
09.09.2024 The certificate data changed.
Certificate changed
The web extraction data was updated.
- The certificate_pdf_url property was set to
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf.
- The certificate_pdf_url property was set to
-
19.08.2024 The certificate was first processed.
New certificate
A new FIPS 140 certificate with the product name was processed.
Raw data
{
"_type": "sec_certs.sample.fips.FIPSCertificate",
"cert_id": 4759,
"dgst": "e0a19cbdac9fda12",
"heuristics": {
"_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
"algorithms": {
"_type": "Set",
"elements": [
"AES-GMACA4504",
"RSA SigVer (FIPS186-5)A4508",
"HMAC-SHA2-224A4508",
"ECDSA SigVer (FIPS186-4)A4508",
"HMAC-SHA2-384A4508",
"AES-KWA4501",
"SHA2-256A4508",
"AES-CBCA4501",
"AES-KWPA4501",
"HMAC-SHA2-256A4508",
"KDA HKDF Sp800-56Cr1A4508",
"SHA-1A4508",
"AES-GCMA4504",
"RSA SigGen (FIPS186-5)A4508",
"SHA2-384A4508",
"KAS-ECC-SSC Sp800-56Ar3A4508",
"Counter DRBGA4501",
"SHA2-512/256A4508",
"AES-CTRA4501",
"SHA2-512A4508",
"RSA SigVer (FIPS186-4)A4507",
"KDF TLSA4508",
"PBKDFA4508",
"AES-XTS Testing Revision 2.0A4501",
"HMAC-SHA2-512/256A4508",
"KDF SSHA4508",
"SHA2-224A4508",
"HMAC-SHA-1A4508",
"ECDSA SigGen (FIPS186-5)A4508",
"RSA KeyGen (FIPS186-5)A4508",
"ECDSA SigVer (FIPS186-5)A4508",
"AES-CCMA4501",
"AES-CMACA4501",
"HMAC-SHA2-512A4508",
"ECDSA KeyGen (FIPS186-5)A4508",
"AES-ECBA4504",
"ECDSA KeyVer (FIPS186-5)A4508"
]
},
"cpe_matches": null,
"direct_transitive_cves": null,
"extracted_versions": {
"_type": "Set",
"elements": [
"-"
]
},
"indirect_transitive_cves": null,
"module_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"module_prunned_references": {
"_type": "Set",
"elements": []
},
"policy_processed_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"policy_prunned_references": {
"_type": "Set",
"elements": []
},
"related_cves": null,
"verified_cpe_matches": null
},
"pdf_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
"keywords": {
"asymmetric_crypto": {
"ECC": {
"ECC": {
"ECC": 2
},
"ECDH": {
"ECDH": 2
},
"ECDSA": {
"ECDSA": 20
}
},
"FF": {
"DH": {
"Diffie-Hellman": 1
}
}
},
"certification_process": {},
"cipher_mode": {
"CBC": {
"CBC": 4
},
"CCM": {
"CCM": 5
},
"CFB": {
"CFB": 1
},
"CTR": {
"CTR": 3
},
"ECB": {
"ECB": 3
},
"GCM": {
"GCM": 17
},
"OFB": {
"OFB": 2
},
"XTS": {
"XTS": 10
}
},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"SSH": {
"SSH": 13
},
"TLS": {
"TLS": {
"TLS": 52,
"TLS 1.0": 1,
"TLS 1.2": 10,
"TLS 1.3": 6
}
}
},
"crypto_scheme": {
"MAC": {
"MAC": 7
}
},
"device_model": {},
"ecc_curve": {
"NIST": {
"P-224": 18,
"P-256": 28,
"P-384": 14,
"P-521": 20,
"secp256k1": 4
}
},
"eval_facility": {
"atsec": {
"atsec": 47
}
},
"fips_cert_id": {},
"fips_certlike": {
"Certlike": {
"AES 256": 2,
"AES- 256": 1,
"AES-128": 2,
"AES-192": 2,
"AES-256": 2,
"HMAC- SHA-256": 1,
"HMAC-SHA-1": 8,
"HMAC-SHA-3": 2,
"HMAC-SHA1": 2,
"PKCS#1": 10,
"SHA-1": 16,
"SHA-1 and 1024": 1,
"SHA-256": 1,
"SHA-3": 4,
"SHA2- 224": 4,
"SHA2- 256": 2,
"SHA2- 384": 1,
"SHA2-224": 8,
"SHA2-256": 25,
"SHA2-384": 12,
"SHA2-512": 17
}
},
"fips_security_level": {
"Level": {
"Level 1": 2
}
},
"hash_function": {
"MD": {
"MD4": {
"MD4": 2
},
"MD5": {
"MD5": 4
}
},
"PBKDF": {
"PBKDF": 9,
"PBKDF2": 8
},
"RIPEMD": {
"RIPEMD-160": 3
},
"SHA": {
"SHA1": {
"SHA-1": 17
},
"SHA2": {
"SHA-256": 1
},
"SHA3": {
"SHA-3": 4
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {
"PRNG": {
"DRBG": 22
},
"RNG": {
"RNG": 3
}
},
"side_channel_analysis": {
"SCA": {
"timing attacks": 1
}
},
"standard_id": {
"FIPS": {
"FIPS 140-3": 51,
"FIPS 180-4": 1,
"FIPS 186-4": 6,
"FIPS 186-5": 15,
"FIPS 197": 10,
"FIPS 198-1": 1,
"FIPS 2": 7,
"FIPS PUB 140-3": 2,
"FIPS140-3": 1,
"FIPS180-4": 1,
"FIPS186-4": 1,
"FIPS186-5": 1,
"FIPS197": 1,
"FIPS198-1": 1
},
"ISO": {
"ISO/IEC 24759": 2
},
"NIST": {
"SP 800-132": 6,
"SP 800-38A": 2,
"SP 800-38C": 2,
"SP 800-38D": 1,
"SP 800-38E": 1,
"SP 800-38F": 2
},
"PKCS": {
"PKCS#1": 5
},
"RFC": {
"RFC 4253": 1,
"RFC 5288": 1,
"RFC 6668": 1,
"RFC 7627": 5,
"RFC5288": 1,
"RFC8446": 2
}
},
"symmetric_crypto": {
"AES_competition": {
"AES": {
"AES": 45,
"AES-": 4,
"AES-128": 2,
"AES-192": 2,
"AES-256": 2
},
"CAST": {
"CAST": 12
}
},
"constructions": {
"MAC": {
"CMAC": 3,
"HMAC": 14
}
}
},
"tee_name": {
"AMD": {
"PSP": 6
},
"IBM": {
"SSC": 2
}
},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"policy_metadata": {
"/Author": "gburlea",
"/CreationDate": "D:20240813165130+00\u002700\u0027",
"/Creator": "Microsoft Word",
"/ModDate": "D:20240813165130+00\u002700\u0027",
"/Title": "FIPS 140-3 Non-Proprietary Security Policy",
"pdf_file_size_bytes": 639803,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf",
"http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf",
"http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf",
"http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf",
"http://www.ietf.org/rfc/rfc3447.txt",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf",
"http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf",
"http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf",
"http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf",
"http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf",
"https://csrc.nist.gov/Projects/cryptographic-module-validation-program/fips-140-3-ig-announcements",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 44
}
},
"state": {
"_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
"module_download_ok": true,
"module_extract_ok": true,
"policy_convert_garbage": false,
"policy_convert_ok": true,
"policy_download_ok": true,
"policy_extract_ok": true,
"policy_pdf_hash": "c10681ea2c33c7284deb4e69c6387c56adaf2cfb03bfcabf7ab6ebff9f8b7c0c",
"policy_txt_hash": "c2204879060635a9668e2612224724108fded69aaf046081db72c13964fd8ee8"
},
"web_data": {
"_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
"caveat": "Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)",
"certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2024_010924_0336.pdf",
"date_sunset": "2026-08-13",
"description": "AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It \u0456s based on code from the Google BoringSSL project and the OpenSSL project.",
"embodiment": "Multi-Chip Stand Alone",
"exceptions": [
"Physical security: N/A",
"Non-invasive security: N/A",
"Documentation requirements: N/A",
"Cryptographic module security policy: N/A"
],
"fw_versions": null,
"historical_reason": null,
"hw_versions": null,
"level": 1,
"mentioned_certs": {},
"module_name": "AWS-LC Cryptographic Module (dynamic)",
"module_type": "Software",
"revoked_link": null,
"revoked_reason": null,
"standard": "FIPS 140-3",
"status": "active",
"sw_versions": "AWS-LC FIPS 2.0.0",
"tested_conf": [
"Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
"Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
"Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
"Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA",
"Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
"Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
"Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
"Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA",
"Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor with PAA",
"Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor without PAA",
"Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA",
"Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA"
],
"validation_history": [
{
"_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
"date": "2024-08-14",
"lab": "ATSEC INFORMATION SECURITY CORP",
"validation_type": "Initial"
}
],
"vendor": "Amazon Web Services Inc.",
"vendor_url": "http://aws.amazon.com"
}
}