Certified Security - Specialty


KMS FIPS140-2 Compliance

The course states that for FIPS 140-2 compliance you need CloudHSM, which is not a correct statement. KMS is also FIPS 140-2 compliant, but it is at Level 2 whereas CloudHSM is at Level 3. Can you please have it checked?

1 Answer

https://aws.amazon.com/blogs/security/aws-key-management-service-now-offers-fips-140-2-validated-cryptographic-modules-enabling-easier-adoption-of-the-service-for-regulated-workloads/

AWS KMS HSMs are validated at level 2 overall and at level 3 in the following areas:

Cryptographic Module Specification

Roles, Services, and Authentication

Physical Security

Design Assurance

You can also make AWS KMS requests to API endpoints that terminate TLS sessions using a FIPS 140-2 validated cryptographic software module. To do so, connect to the unique FIPS 140-2 validated HTTPS endpoints in the AWS KMS requests made from your applications. AWS KMS FIPS 140-2 validated HTTPS endpoints are powered by the OpenSSL FIPS Object Module. FIPS 140-2 validated API endpoints are available in all commercial regions where AWS KMS is available.
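An added example, not part of the original answer or of AWS's own material: a small audit that checks whether each application's configured KMS endpoint URL is a FIPS endpoint reached over HTTPS. It assumes the regional hostname form kms-fips.<region>.amazonaws.com; the application names and the sample configuration are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostname form of the regional AWS KMS FIPS endpoints, e.g.
# kms-fips.us-east-1.amazonaws.com. The region part is a loose syntactic
# check (assumption), not a list of regions where the endpoint exists.
_FIPS_HOST = re.compile(r"kms-fips\.([a-z]{2}(?:-[a-z]+)+-\d)\.amazonaws\.com")


def check_kms_endpoint(url):
    """Return (ok, detail): detail is the region on success, else the reason."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return False, "not https"
    if parts.username or parts.password:
        # "https://kms-fips...amazonaws.com@other.example" hides the real host.
        return False, "userinfo in URL"
    if parts.port not in (None, 443):
        return False, "unexpected port"
    match = _FIPS_HOST.fullmatch(host)
    if not match:
        # Covers the standard kms.<region> endpoint and look-alike suffixes.
        return False, "not a kms-fips regional host"
    return True, match.group(1)


def audit(config):
    """Map each application name to its check result; config is {app: url}."""
    return {app: check_kms_endpoint(url) for app, url in config.items()}


# Constructed sample configuration (hypothetical application names).
SAMPLE = {
    "billing": "https://kms-fips.us-east-1.amazonaws.com",
    "reports": "https://kms.us-east-1.amazonaws.com",
    "legacy": "http://kms-fips.eu-west-1.amazonaws.com",
    "typo": "https://kms-fips.us-east-1.amazonaws.com.example.net",
    "batch": "https://kms-fips.ap-southeast-2.amazonaws.com/",
}

if __name__ == "__main__":
    for app, (ok, detail) in audit(SAMPLE).items():
        print(f"{app:8} {'OK  ' if ok else 'FAIL'} {detail}")
```
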
