Compliance validation for Amazon Key Management Service - Amazon Key Management Service
Compliance and security documentsLearn more
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Compliance validation for Amazon Key Management Service

Third-party auditors assess the security and compliance of Amazon Key Management Service as part of multiple Amazon compliance programs. These include SOC, PCI, FedRAMP, HIPAA, and others.

Compliance and security documents

The following compliance and security documents cover Amazon KMS. To view them, use Amazon Artifact.

  • Cloud Computing Compliance Controls Catalogue (C5)

  • ISO 27001:2013 Statement of Applicability (SoA)

  • ISO 27001:2013 Certification

  • ISO 27017:2015 Statement of Applicability (SoA)

  • ISO 27017:2015 Certification

  • ISO 27018:2015 Statement of Applicability (SoA)

  • ISO 27018:2014 Certification

  • ISO 9001:2015 Certification

  • PCI DSS Attestation of Compliance (AOC) and Responsibility Summary

  • Service Organization Controls (SOC) 1 Report

  • Service Organization Controls (SOC) 2 Report

  • Service Organization Controls (SOC) 2 Report For Confidentiality

  • FedRAMP-High

For help using Amazon Artifact, see Downloading Reports in Amazon Artifact.

Learn more

Your compliance responsibility when using Amazon KMS is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. If your use of Amazon KMS is subject to compliance with a published standard, Amazon provides resources to help: