Certified Security - Specialty

Sign Up Free or Log In to participate!

KMS FIPS140-2 Compliance

The course states that for FIPS140-2 compliance, you need Cloud HSM, is not a correct statement. KMS is also FIPS140-2 compliant, but it is at level2 whereas CloudHSM is at Level3. Can you please have it checked.

1 Answers


AWS KMS HSMs are validated at level 2 overall and at level 3 in the following areas:

Cryptographic Module Specification

Roles, Services, and Authentication

Physical Security

Design Assurance

You can also make AWS KMS requests to API endpoints that terminate TLS sessions using a FIPS 140-2 validated cryptographic software module. To do so, connect to the unique FIPS 140-2 validated HTTPS endpoints in the AWS KMS requests made from your applications. AWS KMS FIPS 140-2 validated HTTPS endpoints are powered by the OpenSSL FIPS Object Module. FIPS 140-2 validated API endpoints are available in all commercial regions where AWS KMS is available.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?