
How to confirm endpoints are FIPS enabled in US GovCloud


Hi all

I am working to ensure our environment strictly uses FIPS VPC endpoints within AWS GovCloud.

While reviewing the FIPS Endpoints by Service documentation - https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service, I noticed the list appears incomplete. For example, ssmmessages and ssmmessages-fips are not explicitly listed, yet openssl testing confirms it supports TLS v1.3 and AES ciphers:

openssl s_client -connect ssmmessages.us-gov-east-1.amazonaws.com:443
openssl s_client -connect ssmmessages-fips.us-gov-east-1.amazonaws.com:443

The openssl results said the endpoints negotiate FIPS-approved TLS ciphers - https://repost.aws/questions/QUoQCzOCo2TIaciweOenk-1Q/govcloud-fips-endpoint-email-smtp-fips-secretsmanager-fips-us-gov-east-1-are-available. But can it guarantee that those endpoints are FIPS enabled?

Does anyone know of a failsafe way to confirm 100% that an endpoint is FIPS-validated? I want to ensure we aren't relying on "incidental" compliance that hasn't been officially audited.

Thanks.
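The distinction the question draws, that a handshake showing FIPS-approved algorithms is not the same thing as the endpoint being a FIPS endpoint, can be encoded in a small audit script. The following is an added example written for this page; it is not the asker's code and not an AWS tool. It treats the `-fips` label in the GovCloud hostname as the documented signal for a FIPS endpoint and treats the `openssl s_client` cipher evidence as a necessary but not sufficient check. The `openssl s_client` transcript is constructed, and the cipher-suite sets are a short illustrative list, not an exhaustive FIPS policy.

```python
import re
from typing import Dict, Optional

# Constructed excerpt of the SSL-Session block that `openssl s_client` prints
# after a handshake (not captured from a real endpoint).
SAMPLE_S_CLIENT_OUTPUT = """\
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: ...
"""

# Cipher suites built only from FIPS-approved algorithms (AES-GCM, SHA-2,
# ECDHE). Illustrative subset; ChaCha20-Poly1305 suites are deliberately
# absent because ChaCha20 is not a FIPS-approved cipher.
FIPS_APPROVED_SUITES = {
    # TLS 1.3 names
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    # TLS 1.2 OpenSSL names
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
}

# GovCloud regional endpoint hostname, with an optional -fips label on the
# service name (e.g. ssmmessages-fips.us-gov-east-1.amazonaws.com).
ENDPOINT_RE = re.compile(
    r"^(?P<service>[a-z0-9-]+?)(?P<fips>-fips)?"
    r"\.(?P<region>us-gov-(?:east|west)-1)\.amazonaws\.com$"
)


def parse_s_client(output: str) -> Dict[str, str]:
    """Pull the Protocol and Cipher fields out of an s_client transcript."""
    info: Dict[str, str] = {}
    for line in output.splitlines():
        m = re.match(r"\s*(Protocol|Cipher)\s*:\s*(\S+)", line)
        if m:
            info[m.group(1)] = m.group(2)
    return info


def fips_hostname(hostname: str) -> Optional[str]:
    """Return the -fips counterpart of a GovCloud endpoint, or None if the
    hostname is not a recognised GovCloud regional endpoint."""
    m = ENDPOINT_RE.match(hostname.lower())
    if not m:
        return None
    return f"{m.group('service')}-fips.{m.group('region')}.amazonaws.com"


def audit_endpoint(hostname: str, s_client_output: str) -> dict:
    """Combine the hostname check with the handshake evidence.

    Only a -fips hostname is accepted as a FIPS endpoint; an approved cipher
    on a non-fips hostname is reported as incidental and rejected.
    """
    m = ENDPOINT_RE.match(hostname.lower())
    handshake = parse_s_client(s_client_output)
    cipher = handshake.get("Cipher")
    result = {
        "hostname": hostname,
        "govcloud_endpoint": m is not None,
        "fips_label": bool(m and m.group("fips")),
        "protocol": handshake.get("Protocol"),
        "cipher": cipher,
        "fips_approved_algorithms": cipher in FIPS_APPROVED_SUITES,
    }
    if not result["govcloud_endpoint"]:
        result["verdict"] = "REJECT: not a GovCloud regional endpoint hostname"
    elif not result["fips_label"]:
        result["verdict"] = ("REJECT: no -fips label; approved ciphers alone "
                             "are not proof of a FIPS endpoint")
    elif not result["fips_approved_algorithms"]:
        result["verdict"] = "REJECT: -fips hostname but non-approved cipher negotiated"
    else:
        result["verdict"] = "ACCEPT: -fips hostname and FIPS-approved cipher suite"
    return result


if __name__ == "__main__":
    for host in ("ssmmessages.us-gov-east-1.amazonaws.com",
                 "ssmmessages-fips.us-gov-east-1.amazonaws.com"):
        r = audit_endpoint(host, SAMPLE_S_CLIENT_OUTPUT)
        print(f"{r['hostname']}: {r['verdict']}")
        if not r["fips_label"] and r["govcloud_endpoint"]:
            print(f"  expected FIPS hostname: {fips_hostname(host)}")
```

The same policy can be enforced at the client rather than audited after the fact: the AWS SDKs and CLI select the `-fips` endpoint for a service when `use_fips_endpoint = true` is set in the shared config profile or `AWS_USE_FIPS_ENDPOINT=true` is set in the environment, which removes the dependency on each caller choosing the right hostname.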

1 Answer

