Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4759

Details

Module Name
AWS-LC Cryptographic Module (dynamic)
Standard
FIPS 140-3
Status
Active
Sunset Date
8/13/2026
Overall Level
1
Caveat
Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)
Security Level Exceptions
  • Physical security: N/A
  • Non-invasive security: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Module Type
Software
Embodiment
Multi-Chip Stand Alone
Description
AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.
Tested Configuration(s)
  • Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor with PAA
  • Amazon Linux 2 running Amazon EC2 c7g.metal with Graviton3 processor without PAA
  • Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA
  • Amazon Linux 2 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA
  • Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor with PAA
  • Amazon Linux 2023 running Amazon EC2 c7g.metal with Graviton3 processor without PAA
  • Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA
  • Amazon Linux 2023 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA
  • Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor with PAA
  • Ubuntu 22.04 running Amazon EC2 c7g.metal with Graviton3 processor without PAA
  • Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor with PAA
  • Ubuntu 22.04 running on Amazon EC2 c5.metal with Intel Xeon Platinum 8275CL processor without PAA
Approved Algorithms
AES-CBC
AES-CBC
AES-CBC
AES-CBC
AES-CBC
AES-CBC
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CCM
AES-CMAC
AES-CMAC
AES-CMAC
AES-CMAC
AES-CMAC
AES-CMAC
AES-CTR
AES-CTR
AES-CTR
AES-CTR
AES-CTR
AES-CTR
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-ECB
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GCM
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-GMAC
AES-KW
AES-KW
AES-KW
AES-KW
AES-KW
AES-KW
AES-KWP
AES-KWP
AES-KWP
AES-KWP
AES-KWP
AES-KWP
AES-XTS Testing Revision 2.0
AES-XTS Testing Revision 2.0
AES-XTS Testing Revision 2.0
AES-XTS Testing Revision 2.0
AES-XTS Testing Revision 2.0
AES-XTS Testing Revision 2.0
Counter DRBG
Counter DRBG
Counter DRBG
Counter DRBG
Counter DRBG
Counter DRBG
ECDSA KeyGen (FIPS186-5)
ECDSA KeyGen (FIPS186-5)
ECDSA KeyGen (FIPS186-5)
ECDSA KeyGen (FIPS186-5)
ECDSA KeyGen (FIPS186-5)
ECDSA KeyGen (FIPS186-5)
ECDSA KeyGen (FIPS186-5)
ECDSA KeyVer (FIPS186-5)
ECDSA KeyVer (FIPS186-5)
ECDSA KeyVer (FIPS186-5)
ECDSA KeyVer (FIPS186-5)
ECDSA KeyVer (FIPS186-5)
ECDSA KeyVer (FIPS186-5)
ECDSA KeyVer (FIPS186-5)
ECDSA SigGen (FIPS186-5)
ECDSA SigGen (FIPS186-5)
ECDSA SigGen (FIPS186-5)
ECDSA SigGen (FIPS186-5)
ECDSA SigGen (FIPS186-5)
ECDSA SigGen (FIPS186-5)
ECDSA SigGen (FIPS186-5)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-4)
ECDSA SigVer (FIPS186-5)
ECDSA SigVer (FIPS186-5)
ECDSA SigVer (FIPS186-5)
ECDSA SigVer (FIPS186-5)
ECDSA SigVer (FIPS186-5)
ECDSA SigVer (FIPS186-5)
ECDSA SigVer (FIPS186-5)
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA-1
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-224
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
HMAC-SHA2-512/256
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KDA HKDF Sp800-56Cr1
KDA HKDF Sp800-56Cr1
KDA HKDF Sp800-56Cr1
KDA HKDF Sp800-56Cr1
KDA HKDF Sp800-56Cr1
KDA HKDF Sp800-56Cr1
KDA HKDF Sp800-56Cr1
KDF SSH
KDF SSH
KDF SSH
KDF SSH
KDF SSH
KDF SSH
KDF SSH
KDF TLS
KDF TLS
KDF TLS
KDF TLS
KDF TLS
KDF TLS
KDF TLS
PBKDF
PBKDF
PBKDF
PBKDF
PBKDF
PBKDF
PBKDF
RSA KeyGen (FIPS186-5)
RSA KeyGen (FIPS186-5)
RSA KeyGen (FIPS186-5)
RSA KeyGen (FIPS186-5)
RSA KeyGen (FIPS186-5)
RSA KeyGen (FIPS186-5)
RSA KeyGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigGen (FIPS186-5)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-5)
RSA SigVer (FIPS186-5)
RSA SigVer (FIPS186-5)
RSA SigVer (FIPS186-5)
RSA SigVer (FIPS186-5)
RSA SigVer (FIPS186-5)
RSA SigVer (FIPS186-5)
SHA-1
SHA-1
SHA-1
SHA-1
SHA-1
SHA-1
SHA-1
SHA2-224
SHA2-224
SHA2-224
SHA2-224
SHA2-224
SHA2-224
SHA2-224
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-256
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-384
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512
SHA2-512/256
SHA2-512/256
SHA2-512/256
SHA2-512/256
SHA2-512/256
SHA2-512/256
SHA2-512/256
Software Versions
AWS-LC FIPS 2.0.0

Vendor

Amazon Web Services Inc.
1918 8th Ave.
Seattle, WA 98121
USA

Daryl Martin
aws-fips-external@amazon.com
Phone: 0000000000

Validation History

Date Type Lab
8/14/2024 Initial ATSEC INFORMATION SECURITY CORP