AWS Key Management Service HSM

Certificate #4523

Webpage information

Status active
Validation dates 19.05.2023
Sunset date 21-09-2026
Standard FIPS 140-2
Security level 3
Type Hardware
Embodiment Multi-Chip Stand Alone
Caveat When installed, initialized and configured as specified in Section 3 of the Security Policy
Exceptions
  • Mitigation of Other Attacks: N/A
Description The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.
Version (Hardware) 3.0
Version (Firmware) 1.7.100, 1.7.102 and 1.7.103
Vendor Amazon Web Services, Inc.
References

This certificate's webpage directly references 0 certificates; transitively, this expands into 0 certificates.

Document information

Security policy

Symmetric Algorithms
AES, HMAC, HMAC-SHA-256
Asymmetric Algorithms
RSA 4096, RSA 2048, RSA-OAEP, ECDH, ECDSA, ECC, DH, Diffie-Hellman, DSA
Hash functions
SHA-1, SHA-256, SHA-384, SHA-512, SHA256
Schemes
MAC, Key Agreement
Randomness
DRBG, RNG
Elliptic Curves
P-256, P-384, P-521, curve P-384, secp256k1, secp384r1
Block cipher modes
ECB, CBC, CTR, GCM

Security level
Level 3

Standards
FIPS 140-2, FIPS 140, FIPS 197, FIPS 186-4, FIPS 198-1, FIPS 180-4, NIST SP 800-90A, SP 800-38D, SP 800-56B, SP 800-38F, SP 800-56A, SP 800-56C, SP 800-108, SP 800-90B, SP 800-90, PKCS#1, PKCS #1

File metadata

Creation date: D:20230509105230-04'00'
Modification date: D:20230509105230-04'00'
Pages: 37
Creator: Microsoft® Word for Microsoft 365
Producer: Microsoft® Word for Microsoft 365

References

Heuristics

No heuristics are available for this certificate.

References

No references are available for this certificate.

Updates

  • 26.06.2023 The certificate was first processed.
    New certificate

    A new FIPS 140 certificate with the product name "AWS Key Management Service HSM" was processed.

Raw data

{
  "_type": "sec_certs.sample.fips.FIPSCertificate",
  "cert_id": 4523,
  "dgst": "9e2f46c99a2188ab",
  "heuristics": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.Heuristics",
    "algorithms": {
      "_type": "Set",
      "elements": [
        "KBKDF#A1910",
        "AES#A1908",
        "KDA#A1908",
        "KTS#A1908",
        "KAS#A1908",
        "AES#A1791",
        "HMAC#A1908",
        "DRBG#A1791",
        "KTS-RSA#A1908",
        "DRBG#A1908",
        "ECDSA#A1908",
        "CVL#A1908",
        "RSA#A1908",
        "SHS#A1908"
      ]
    },
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.7.103",
        "1.7.100",
        "3.0",
        "1.7.102"
      ]
    },
    "indirect_transitive_cves": null,
    "module_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "module_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "policy_processed_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "policy_prunned_references": {
      "_type": "Set",
      "elements": []
    },
    "related_cves": null,
    "verified_cpe_matches": null
  },
  "pdf_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.PdfData",
    "keywords": {
      "asymmetric_crypto": {
        "ECC": {
          "ECC": {
            "ECC": 1
          },
          "ECDH": {
            "ECDH": 4
          },
          "ECDSA": {
            "ECDSA": 15
          }
        },
        "FF": {
          "DH": {
            "DH": 2,
            "Diffie-Hellman": 4
          },
          "DSA": {
            "DSA": 1
          }
        },
        "RSA": {
          "RSA 2048": 6,
          "RSA 4096": 2,
          "RSA-OAEP": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {
        "CBC": {
          "CBC": 2
        },
        "CTR": {
          "CTR": 9
        },
        "ECB": {
          "ECB": 3
        },
        "GCM": {
          "GCM": 18
        }
      },
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {
        "KA": {
          "Key Agreement": 17
        },
        "MAC": {
          "MAC": 1
        }
      },
      "device_model": {},
      "ecc_curve": {
        "NIST": {
          "P-256": 16,
          "P-384": 17,
          "P-521": 8,
          "curve P-384": 1,
          "secp256k1": 6,
          "secp384r1": 6
        }
      },
      "eval_facility": {},
      "fips_cert_id": {
        "Cert": {
          "#1": 1
        }
      },
      "fips_certlike": {
        "Certlike": {
          "AES 128, 256": 1,
          "AES GCM 256": 7,
          "AES key ( 256": 1,
          "DRBG 128": 1,
          "DRBG 256": 1,
          "HMAC-SHA-256": 2,
          "PKCS #1": 2,
          "PKCS#1": 2,
          "RSA 2048": 6,
          "RSA 4096": 2,
          "SHA-1": 2,
          "SHA-256": 6,
          "SHA-384": 2,
          "SHA-512": 3,
          "SHA256": 1,
          "SHS 160": 1
        }
      },
      "fips_security_level": {
        "Level": {
          "Level 3": 2
        }
      },
      "hash_function": {
        "SHA": {
          "SHA1": {
            "SHA-1": 2
          },
          "SHA2": {
            "SHA-256": 6,
            "SHA-384": 2,
            "SHA-512": 3,
            "SHA256": 1
          }
        }
      },
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {
        "PRNG": {
          "DRBG": 20
        },
        "RNG": {
          "RNG": 2
        }
      },
      "side_channel_analysis": {},
      "standard_id": {
        "FIPS": {
          "FIPS 140": 2,
          "FIPS 140-2": 18,
          "FIPS 180-4": 1,
          "FIPS 186-4": 4,
          "FIPS 197": 1,
          "FIPS 198-1": 1
        },
        "NIST": {
          "NIST SP 800-90A": 1,
          "SP 800-108": 3,
          "SP 800-38D": 1,
          "SP 800-38F": 1,
          "SP 800-56A": 1,
          "SP 800-56B": 4,
          "SP 800-56C": 1,
          "SP 800-90": 1,
          "SP 800-90B": 5
        },
        "PKCS": {
          "PKCS #1": 1,
          "PKCS#1": 1
        }
      },
      "symmetric_crypto": {
        "AES_competition": {
          "AES": {
            "AES": 29
          }
        },
        "constructions": {
          "MAC": {
            "HMAC": 6,
            "HMAC-SHA-256": 1
          }
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "policy_metadata": {
      "/CreationDate": "D:20230509105230-04\u002700\u0027",
      "/Creator": "Microsoft\u00ae Word for Microsoft 365",
      "/ModDate": "D:20230509105230-04\u002700\u0027",
      "/Producer": "Microsoft\u00ae Word for Microsoft 365",
      "pdf_file_size_bytes": 821804,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "http://docs.aws.amazon.com/kms/latest/APIReference/Welcome.html",
          "http://aws.amazon.com/kms/",
          "http://csrc.nist.gov/groups/STM/cmvp/index.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 37
    }
  },
  "state": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.InternalState",
    "module_download_ok": true,
    "module_extract_ok": true,
    "policy_convert_garbage": false,
    "policy_convert_ok": true,
    "policy_download_ok": true,
    "policy_extract_ok": true,
    "policy_pdf_hash": "973f7c776965b98ae41b6cb5ff62529885f1daa292ad875b8e0932832733f1b4",
    "policy_txt_hash": "6f91a8c1e11ddde2353a58f9d73ea32622f4667a6a3e0d025997a7f5d7063e88"
  },
  "web_data": {
    "_type": "sec_certs.sample.fips.FIPSCertificate.WebData",
    "caveat": "When installed, initialized and configured as specified in Section 3 of the Security Policy",
    "certificate_pdf_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/May 2023_010623_0642.pdf",
    "date_sunset": "2026-09-21",
    "description": "The Amazon AWS Key Management Service HSM is a multi-chip standalone hardware cryptographic appliance designed to provide dedicated cryptographic functions to meet the security and scalability requirements of the AWS Key Management Service (KMS). The cryptographic boundary is defined as the secure chassis of the appliance. All key materials are maintained exclusively in volatile memory in the appliance and are erased immediately upon detection of physical tampering.",
    "embodiment": "Multi-Chip Stand Alone",
    "exceptions": [
      "Mitigation of Other Attacks: N/A"
    ],
    "fw_versions": "1.7.100, 1.7.102 and 1.7.103",
    "historical_reason": null,
    "hw_versions": "3.0",
    "level": 3,
    "mentioned_certs": {},
    "module_name": "AWS Key Management Service HSM",
    "module_type": "Hardware",
    "revoked_link": null,
    "revoked_reason": null,
    "standard": "FIPS 140-2",
    "status": "active",
    "sw_versions": null,
    "tested_conf": null,
    "validation_history": [
      {
        "_type": "sec_certs.sample.fips.FIPSCertificate.ValidationHistoryEntry",
        "date": "2023-05-19",
        "lab": "ACUMEN SECURITY, LLC",
        "validation_type": "Initial"
      }
    ],
    "vendor": "Amazon Web Services, Inc.",
    "vendor_url": "https://aws.amazon.com/kms/"
  }
}