Compliance validation for AWS Key Management Service - AWS Key Management Service
Compliance and security documentsLearn more

Compliance validation for AWS Key Management Service

Third-party auditors assess the security and compliance of AWS Key Management Service as part of multiple AWS compliance programs. These include SOC, PCI, FedRAMP, HIPAA, and others.

Compliance and security documents

The following compliance and security documents cover AWS KMS. To view them, use AWS Artifact.

  • Cloud Computing Compliance Controls Catalogue (C5)

  • ISO 27001:2013 Statement of Applicability (SoA)

  • ISO 27001:2013 Certification

  • ISO 27017:2015 Statement of Applicability (SoA)

  • ISO 27017:2015 Certification

  • ISO 27018:2015 Statement of Applicability (SoA)

  • ISO 27018:2014 Certification

  • ISO 9001:2015 Certification

  • PCI DSS Attestation of Compliance (AOC) and Responsibility Summary

  • Service Organization Controls (SOC) 1 Report

  • Service Organization Controls (SOC) 2 Report

  • Service Organization Controls (SOC) 2 Report For Confidentiality

  • FedRAMP-High

For help using AWS Artifact, see Downloading Reports in AWS Artifact.

Learn more

Your compliance responsibility when using AWS KMS is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. If your use of AWS KMS is subject to compliance with a published standard, AWS provides resources to help:

  • AWS Services in Scope by Compliance Program – This page lists AWS services that are in scope of specific compliance programs. For general information, see AWS Compliance Programs.

  • Security and Compliance Quick Start Guides – These deployment guides discuss architectural considerations and provide steps for deploying security- and compliance-focused baseline environments on AWS.

  • AWS Compliance Resources – This collection of workbooks and guides might apply to your industry and location.

  • AWS Config – This AWS service assesses how well your resource configurations comply with internal practices, industry guidelines, and regulations.

  • AWS Security Hub – This AWS service provides a comprehensive view of your security state within AWS. Security Hub uses security controls to evaluate your AWS resources and to check your compliance against security industry standards and best practices. For a list of supported services and controls, see Security Hub controls reference.