Compliance validation for Amazon Key Management Service - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Compliance validation for Amazon Key Management Service

Third-party auditors assess the security and compliance of Amazon Key Management Service as part of multiple Amazon compliance programs. These include SOC, PCI, FedRAMP, HIPAA, and others.

Compliance and security documents

The following compliance and security documents cover Amazon KMS. To view them, use Amazon Artifact.

  • Cloud Computing Compliance Controls Catalogue (C5)

  • ISO 27001:2013 Statement of Applicability (SoA)

  • ISO 27001:2013 Certification

  • ISO 27017:2015 Statement of Applicability (SoA)

  • ISO 27017:2015 Certification

  • ISO 27018:2015 Statement of Applicability (SoA)

  • ISO 27018:2014 Certification

  • ISO 9001:2015 Certification

  • PCI DSS Attestation of Compliance (AOC) and Responsibility Summary

  • Service Organization Controls (SOC) 1 Report

  • Service Organization Controls (SOC) 2 Report

  • Service Organization Controls (SOC) 2 Report For Confidentiality

  • FedRAMP-High

For help using Amazon Artifact, see Downloading Reports in Amazon Artifact.

Learn more

Your compliance responsibility when using Amazon KMS is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. If your use of Amazon KMS is subject to compliance with a published standard, Amazon provides resources to help:

  • Amazon Services in Scope by Compliance Program – This page lists Amazon services that are in scope of specific compliance programs. For general information, see Amazon Compliance Programs.

  • Security and Compliance Quick Start Guides – These deployment guides discuss architectural considerations and provide steps for deploying security- and compliance-focused baseline environments on Amazon.

  • Amazon Compliance Resources – This collection of workbooks and guides might apply to your industry and location.

  • Amazon Config – This Amazon service assesses how well your resource configurations comply with internal practices, industry guidelines, and regulations.

  • Amazon Security Hub – This Amazon service provides a comprehensive view of your security state within Amazon that helps you check your compliance with security industry standards and best practices.