Open mvhowardAWS opened 1 month ago
Currently having to manually search the CMVP portal to validate certificates. If an RSS, update, or release note could be added for our team to monitor, that would help. Also, if an API was exposed, we could automate the checks for easier management.
Is your feature request related to a problem? Please describe.
Amazon Linux regularly works with NIST to have various packages FIPS certified as part of the Cryptographic Module Validation Program (CMVP). However, it's up to customers to regularly check the CMVP website or the relevant FAQ pages for AL2 and AL23 to see if there are updates to these certificates. Updates to certificates require customers' compliance teams to update their documentation and work with their auditors to ensure these changes are reflected accurately.
For example:
Describe the solution you'd like
I'd like to see Amazon notify me directly when a NIST certificate for an Amazon Linux package updates. One method could be via AWS Health Notification to my account. Alternatively, you could include it as part of release notes that I can subscribe to.