mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
mukul975
1.9 KiB
1.9 KiB
Standards and References - Envelope Encryption with AWS KMS
AWS Documentation
AWS KMS Developer Guide
- URL: https://docs.aws.amazon.com/kms/latest/developerguide/
- Envelope Encryption: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#enveloping
AWS KMS API Reference
- GenerateDataKey: https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html
- Decrypt: https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html
- ReEncrypt: https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html
AWS Encryption SDK
- URL: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/
- Python: https://aws-encryption-sdk-python.readthedocs.io/
Cryptographic Standards
NIST SP 800-57 Part 1 - Key Management
- URL: https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final
- Relevance: Key hierarchy and key wrapping concepts
NIST SP 800-38F - Key Wrap
- URL: https://csrc.nist.gov/publications/detail/sp/800-38f/final
- Description: AES Key Wrap specification used by KMS internally
FIPS 140-2 Level 2 (KMS HSMs)
- Description: KMS HSMs are validated at FIPS 140-2 Level 2 (Level 3 for CloudHSM)
Compliance Frameworks
PCI DSS v4.0 Requirement 3
- Key management with separation of DEK and KEK
- KMS satisfies key management requirements
SOC 2 Type II
- AWS KMS is SOC 2 compliant
- Encryption controls map to CC6.1 (logical access controls)
HIPAA
- KMS encryption satisfies encryption requirements for ePHI
- BAA required with AWS
Python Libraries
boto3 (AWS SDK for Python)
- URL: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms.html
- PyPI: https://pypi.org/project/boto3/
aws-encryption-sdk
- URL: https://pypi.org/project/aws-encryption-sdk/
- Description: High-level envelope encryption with caching