Cryptographic Module Validation Program

Cryptographic Module Validation Program CMVP

Certificate #3739

Details

Module Name

AWS Nitro Card Security Engine

Standard

FIPS 140-2

Status

Active

Sunset Date

10/28/2025

Validation Dates

10/29/2020

Overall Level

Caveat

When operated in FIPS mode

Security Level Exceptions

Mitigation of Other Attacks: N/A

Module Type

Firmware-Hybrid

Embodiment

Multi-Chip Stand Alone

Description

The AWS Nitro Card Security Engine is a multi-chip standalone firmware-hybrid module. The Approved cryptographic services provided by the module are: - Data encryption / decryption utilizing symmetric ciphers, i.e. AES algorithms. - Computation of hash values, i.e. SHA-256, SHA-512. - Message authentication utilizing HMAC-SHA256, HMAC-SHA512, hashing algorithms.

Tested Configuration(s)

Carbon Linux (Linux kernel 4.9.32) running on Cortex ARMv8 with AL5+

FIPS Algorithms

AES	Cert. #C997
HMAC	Cert. #C2168
SHS	Cert. #C997

Allowed Algorithms

N/A

Hardware Versions

AL5+

Firmware Versions

HAL-rel-3.2-uemu-fips

Vendor

Amazon Web Services, Inc.
410 Terry Ave N
Ste 1200
Seattle, WA 98109-5210
USA

Taeil Um
taeilum@amazon.com
Phone: n/a
Fax: n/a
Benita Bose
bbose@amazon.com
Phone: n/a
Fax: n/a

Related Files

Security Policy
Consolidated Certificate

Lab

ACUMEN SECURITY, LLC
NVLAP Code: 201029-0

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

Computer Security Resource Center