Compliance - AWS CloudHSM

Compliance

For clusters in FIPS mode, AWS CloudHSM provides FIPS-approved HSMs that meet PCI-PIN, PCI-3DS, and SOC2 compliance requirements. AWS CloudHSM also gives customers the option of choosing clusters that are non-FIPS mode. For details on what certification and compliance requirements apply to each, see AWS CloudHSM cluster modes.

Relying on a FIPS-validated HSM can help you meet corporate, contractual, and regulatory compliance requirements for data security in the AWS Cloud.

FIPS 140-2 Compliance

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government security standard that specifies security requirements for cryptographic modules that protect sensitive information. The type hsm1.medium HSMs provided by AWS CloudHSM are FIPS 140-2 level 3 certified (Certificate #4218). For more information, refer to FIPS validation for hardware.

FIPS 140-3 Compliance

The Federal Information Processing Standard (FIPS) Publication 140-3 is a US government security standard that specifies security requirements for cryptographic modules that protect sensitive information. The type hsm2m.medium HSMs provided by AWS CloudHSM are FIPS 140-3 level 3 certified (Certificate #4703). For more information, refer to FIPS validation for hardware.

PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council. The HSMs provided by AWS CloudHSM comply with PCI DSS.

PCI PIN Compliance

PCI PIN provides security requirement and assessment standards for transmitting, processing, and managing personal identification number (PIN) data, information that is used for transactions at ATMs and point-of-sale (POS) terminals. The hsm1.medium HSMs that are provided by AWS CloudHSM have been PCI PIN compliant since January 2023. For more information, refer to the article AWS CloudHSM is now PCI PIN certified.

PCI-3DS Compliance

PCI 3DS (or Three Domain Secure, 3-D Secure) provides security of data for EMV 3D secure e-commerce payments. PCI 3DS provides another layer of security for online shopping. The type hsm1.medium HSMs provided by AWS CloudHSM are PCI-3DS compliant.

SOC2

SOC2 is a framework to help service organizations demonstrate their cloud and data center security controls. AWS CloudHSM has implemented SOC2 controls in critical areas to adhere to the trusted service principles. For further information, refer to The AWS SOC FAQs page.