Compliance - AWS CloudHSM

Compliance

For clusters in FIPS mode, AWS CloudHSM provides FIPS-approved HSMs that meet PCI-PIN, PCI-3DS, and SOC2 compliance requirements. AWS CloudHSM also gives customers the option of choosing clusters that run in non-FIPS mode. For details on which certification and compliance requirements apply to each, see AWS CloudHSM cluster modes and HSM types.

Relying on a FIPS-validated HSM can help you meet corporate, contractual, and regulatory compliance requirements for data security in the AWS Cloud.

FIPS 140-2 Compliance

The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government security standard that specifies security requirements for cryptographic modules that protect sensitive information. The hsm1.medium HSMs provided by AWS CloudHSM are FIPS 140-2 Level 3 certified (Certificate #4218). For more information, refer to FIPS validation for hardware.

PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council. The HSMs provided by AWS CloudHSM comply with PCI DSS.

PCI PIN Compliance

PCI PIN provides security requirements and assessment standards for transmitting, processing, and managing personal identification number (PIN) data, the information used for transactions at ATMs and point-of-sale (POS) terminals. The hsm1.medium HSMs provided by AWS CloudHSM have been PCI PIN compliant since January 2023. For more information, refer to the article AWS CloudHSM is now PCI PIN certified.

PCI-3DS Compliance

PCI 3DS (Three Domain Secure, or 3-D Secure) provides data security for EMV 3-D Secure e-commerce payments, adding another layer of security for online shopping. The hsm1.medium HSMs provided by AWS CloudHSM are PCI-3DS compliant.

SOC2

SOC2 is a framework that helps service organizations demonstrate their cloud and data center security controls. AWS CloudHSM has implemented SOC2 controls in critical areas to adhere to the trusted service principles. For further information, refer to the AWS SOC FAQs page.