Compliance validation for Amazon Key Management Service
Third-party auditors assess the security and compliance of Amazon Key Management Service as part of multiple Amazon compliance programs. These include SOC, PCI, FedRAMP, HIPAA, and others.
Compliance and security documents
The following compliance and security documents cover Amazon KMS. To view them, use Amazon Artifact.
-
Cloud Computing Compliance Controls Catalogue (C5)
-
ISO 27001:2013 Statement of Applicability (SoA)
-
ISO 27001:2013 Certification
-
ISO 27017:2015 Statement of Applicability (SoA)
-
ISO 27017:2015 Certification
-
ISO 27018:2015 Statement of Applicability (SoA)
-
ISO 27018:2014 Certification
-
ISO 9001:2015 Certification
-
PCI DSS Attestation of Compliance (AOC) and Responsibility Summary
-
Service Organization Controls (SOC) 1 Report
-
Service Organization Controls (SOC) 2 Report
-
Service Organization Controls (SOC) 2 Report For Confidentiality
-
FedRAMP-High
For help using Amazon Artifact, see Downloading
Reports in Amazon Artifact
Learn more
Your compliance responsibility when using Amazon KMS is determined by the sensitivity of your data, your company's compliance objectives, and applicable laws and regulations. If your use of Amazon KMS is subject to compliance with a published standard, Amazon provides resources to help:
-
Amazon Services in Scope by Compliance Program
– This page lists Amazon services that are in scope of specific compliance programs. For general information, see Amazon Compliance Programs . -
Security and Compliance Quick Start Guides
– These deployment guides discuss architectural considerations and provide steps for deploying security- and compliance-focused baseline environments on Amazon. -
Amazon Compliance Resources
– This collection of workbooks and guides might apply to your industry and location. -
Amazon Config – This Amazon service assesses how well your resource configurations comply with internal practices, industry guidelines, and regulations.
-
Amazon Security Hub – This Amazon service provides a comprehensive view of your security state within Amazon. Security Hub uses security controls to evaluate your Amazon resources and to check your compliance against security industry standards and best practices. For a list of supported services and controls, see Security Hub controls reference.