Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4593

Details

Module Name
Amazon Linux 2 Kernel Crypto API Cryptographic Module
Standard
FIPS 140-2
Status
Active
Sunset Date
9/13/2025
Overall Level
1
Caveat
When operated in FIPS mode with module Amazon Linux 2 NSS Cryptographic Module validated to FIPS 140-2 under Cert. #4565 operating in FIPS mode
Security Level Exceptions
  • Physical Security: N/A
  • Mitigation of Other Attacks: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
The Linux kernel Crypto API implemented in the Amazon Linux 2 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator.
Tested Configuration(s)
  • Amazon Linux 2 running on Amazon EC2 c6g.metal with Graviton 2 with PAA
  • Amazon Linux 2 running on Amazon EC2 c6g.metal with Graviton 2 without PAA (single-user mode)
  • Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5-2686 with PAA
  • Amazon Linux 2 running on Amazon EC2 i3.metal with Intel Xeon E5-2686 without PAA
Approved Algorithms
AES Certs. #A3671, #A3672, #A3673, #A3675, #A3676, #A3677, #A3678, #A3679, #A3680, #C911, #C912, #C913, #C914, #C915 and #C917
DRBG Certs. #A3671, #A3672, #A3673, #A3676, #A3679, #C911, #C913, #C915, #C918, #C919, #C920 and #C921
HMAC Certs. #A3671, #A3672, #A3673, #A3674, #A3678, #A3681, #A3741, #C803, #C918, #C919, #C920, #C921 and #C923
KTS AES Certs. #A3673, #A3675, #A3676, #A3677, #A3678, #A3679, #A3680, #C911, #C912, #C913, #C914, #C915 and #C917; key establishment methodology provides between 128 and 256 bits of encryption strength
KTS AES Certs. #A3671, #A3672, #A3673, #A3675, #A3676, #A3677, #A3678, #A3679, #A3680, #C911, #C912, #C913, #C914, #C915 and #C917 and HMAC Certs. #A3671, #A3672, #A3673, #A3678, #A3681, #C918, #C919, #C920 and #C921; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA Certs. #A3673, #C918, #C919, #C920, #C921 and #C923
SHA-3 Certs. #A3674 and #C923
SHS Certs. #A3671, #A3672, #A3673, #A3678, #A3681, #C918, #C919, #C920 and #C921
Triple-DES Certs. #A3673 and #C923
Allowed Algorithms
NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)
Software Versions
1.0

Vendor

Amazon Web Services, Inc.
1918 8th Ave.
Seattle, WA 98121
USA

Amazon Linux Security
amazon-linux-fips-external@amazon.com
Raghuram Kota
amazon-linux-fips-external@amazon.com

Validation History

Date Type Lab
9/12/2023 Initial ATSEC INFORMATION SECURITY CORP
11/13/2023 Update ATSEC INFORMATION SECURITY CORP