


# Security policies for AWS Transfer Family servers
<a name="security-policies"></a>

AWS Transfer Family server security policies let you limit the set of cryptographic algorithms (message authentication codes (MACs), key exchanges (KEXs), cipher suites, content encryption ciphers, and hash algorithms) associated with your server.

AWS Transfer Family supports post-quantum security policies that use hybrid key exchange algorithms, combining traditional cryptographic methods with post-quantum algorithms to provide enhanced security against future quantum computing threats. For more information, see [Using hybrid post-quantum key exchange with AWS Transfer Family](post-quantum-security-policies.md).

For a list of supported cryptographic algorithms, see [Cryptographic algorithms](#cryptographic-algorithms). For a list of supported key algorithms for use with server host keys and service-managed user keys, see [Managing SSH and PGP keys in Transfer Family](key-management.md).

**Note**  
Starting in 2025, all new AWS Transfer Family security policies include post-quantum cryptographic support that uses hybrid key exchange algorithms. For more information about post-quantum security, see [Using hybrid post-quantum key exchange with AWS Transfer Family](post-quantum-security-policies.md).

**Note**  
We strongly recommend updating your servers to our latest security policy.  
+ `TransferSecurityPolicy-2024-01` is the default security policy attached to your server when you create a server using the console, API, or CLI.
+ If you create a Transfer Family server using CloudFormation and accept the default security policy, the server is assigned `TransferSecurityPolicy-2018-11`.
+ If you are concerned about client compatibility, explicitly state which security policy you want to use when creating or updating a server rather than relying on the default policy, which is subject to change. To change a server's security policy, see [Edit the security policy](edit-server-config.md#edit-cryptographic-algorithm).

**Note**  
The previous post-quantum policies (**TransferSecurityPolicy-PQ-SSH-Experimental-2023-04** and **TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04**) are deprecated. We recommend that you use the new policies instead.

For more information about security in Transfer Family, see the following blog posts:
+ [Six tips to improve the security of your AWS Transfer Family server](https://aws.amazon.com/blogs/security/six-tips-to-improve-the-security-of-your-aws-transfer-family-server/)
+ [How Transfer Family can help you build a secure, compliant managed file transfer solution](https://aws.amazon.com/blogs/security/how-transfer-family-can-help-you-build-a-secure-compliant-managed-file-transfer-solution/)

**Topics**
+ [Cryptographic algorithms](#cryptographic-algorithms)
+ [Security policy details](#security-policy-details)

## Cryptographic algorithms
<a name="cryptographic-algorithms"></a>

For host keys, we support the following algorithms:
+ `rsa-sha2-256`
+ `rsa-sha2-512`
+ `ecdsa-sha2-nistp256`
+ `ecdsa-sha2-nistp384`
+ `ecdsa-sha2-nistp521`
+ `ssh-ed25519`

Additionally, the following security policies allow `ssh-rsa`:
+ TransferSecurityPolicy-2018-11
+ TransferSecurityPolicy-2020-06
+ TransferSecurityPolicy-FIPS-2020-06
+ TransferSecurityPolicy-FIPS-2023-05
+ TransferSecurityPolicy-FIPS-2024-01

**Note**  
It is important to understand the distinction between the RSA key type, which is always `ssh-rsa`, and the RSA host key algorithm, which can be any of the supported algorithms.

The following is a list of supported cryptographic algorithms for each security policy.

**Note**  
In the following table and policies, note the following use of algorithm types.  
+ SFTP servers only use algorithms in the **SshCiphers**, **SshKexs**, and **SshMacs** sections.
+ FTPS servers only use algorithms in the **TlsCiphers** section.
+ FTP servers, since they don't use encryption, do not use any of these algorithms.
+ AS2 servers only use algorithms in the **ContentEncryptionCiphers** and **HashAlgorithms** sections. These sections define the algorithms used to encrypt and sign file content.
+ The FIPS-2024-05 and FIPS-2024-01 security policies are identical, except that FIPS-2024-05 doesn't support the `ssh-rsa` algorithm.
+ Transfer Family has introduced new restricted policies that closely parallel existing policies:  
  + The TransferSecurityPolicy-Restricted-2018-11 and TransferSecurityPolicy-2018-11 security policies are identical, except that the restricted policy doesn't support the `chacha20-poly1305@openssh.com` cipher.
  + The TransferSecurityPolicy-Restricted-2020-06 and TransferSecurityPolicy-2020-06 security policies are identical, except that the restricted policy doesn't support the `chacha20-poly1305@openssh.com` cipher.

\* In the following table, the `chacha20-poly1305@openssh.com` cipher is included in the non-restricted policy only.


| Security policy | [TransferSecurityPolicy-2025-03](#security-policy-transfer-2025-03) | [TransferSecurityPolicy-FIPS-2025-03](#security-policy-transfer-2025-03-fips) | [TransferSecurityPolicy-SshAuditCompliant-2025-02](#security-policy-transferSecurityPolicy-SshAuditCompliant-2025-02) | [TransferSecurityPolicy-AS2Restricted-2025-07](#security-policy-transfer-as2restricted-2025-07) | [TransferSecurityPolicy-2024-01](#security-policy-transfer-2024-01) |  **[TransferSecurityPolicy-FIPS-2024-01/TransferSecurityPolicy-FIPS-2024-05](#security-policy-transfer-fips-2024-01)**  | [TransferSecurityPolicy-2023-05](#security-policy-transfer-2023-05) | [TransferSecurityPolicy-FIPS-2023-05](#security-policy-transfer-fips-2023-05) | [TransferSecurityPolicy-2022-03](#security-policy-transfer-2022-03) |  **[TransferSecurityPolicy-2020-06 and TransferSecurityPolicy-Restricted-2020-06](#security-policy-transfer-2020-06)**  | [TransferSecurityPolicy-FIPS-2020-06](#security-policy-transfer-fips-2020-06) |  **[TransferSecurityPolicy-2018-11 and TransferSecurityPolicy-Restricted-2018-11](#security-policy-transfer-2018-11)**  | 
| --- |--- |--- |--- |--- |--- |--- |--- |--- |--- |--- |--- |--- |
| **SshCiphers** |  |  |  |  |  |  |  |  |  |  |  |  |
| aes128-ctr | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ |  |  |  | ♦ | ♦ | ♦ | 
| aes128-gcm@openssh.com | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| aes192-ctr | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| aes256-ctr | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| aes256-gcm@openssh.com | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| chacha20-poly1305@openssh.com |  |  |  |  |  |  |  |  |  | ♦\* |  | ♦\* | 
| **SshKexs** |  |  |  |  |  |  |  |  |  |  |  |  |
| mlkem768x25519-sha256 | ♦ | ♦ |  | ♦ |  |  |  |  |  |  |  |  | 
| mlkem768nistp256-sha256 | ♦ | ♦ |  | ♦ |  |  |  |  |  |  |  |  | 
| mlkem1024nistp384-sha384 | ♦ | ♦ |  | ♦ |  |  |  |  |  |  |  |  | 
| curve25519-sha256 | ♦ |  | ♦ | ♦ | ♦ |  | ♦ |  | ♦ |  |  | ♦ | 
| curve25519-sha256@libssh.org | ♦ |  | ♦ | ♦ | ♦ |  | ♦ |  | ♦ |  |  | ♦ | 
| diffie-hellman-group14-sha1 |  |  |  |  |  |  |  |  |  |  |  | ♦ | 
| diffie-hellman-group14-sha256 |  |  |  |  |  |  |  |  |  | ♦ | ♦ | ♦ | 
| diffie-hellman-group16-sha512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| diffie-hellman-group18-sha512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| diffie-hellman-group-exchange-sha256 | ♦ | ♦ | ♦ | ♦ | ♦ |  | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| ecdh-sha2-nistp256 | ♦ | ♦ |  | ♦ | ♦ | ♦ |  |  |  | ♦ | ♦ | ♦ | 
| ecdh-sha2-nistp384 | ♦ | ♦ |  | ♦ | ♦ | ♦ |  |  |  | ♦ | ♦ | ♦ | 
| ecdh-sha2-nistp521 | ♦ | ♦ |  | ♦ | ♦ | ♦ |  |  |  | ♦ | ♦ | ♦ | 
| **SshMacs** |  |  |  |  |  |  |  |  |  |  |  |  |
| hmac-sha1 |  |  |  |  |  |  |  |  |  |  |  | ♦ | 
| hmac-sha1-etm@openssh.com |  |  |  |  |  |  |  |  |  |  |  | ♦ | 
| hmac-sha2-256 |  |  |  |  |  |  |  |  | ♦ | ♦ | ♦ | ♦ | 
| hmac-sha2-256-etm@openssh.com | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| hmac-sha2-512 |  |  |  |  |  |  |  |  | ♦ | ♦ | ♦ | ♦ | 
| hmac-sha2-512-etm@openssh.com | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| umac-128-etm@openssh.com |  |  |  |  |  |  |  |  |  | ♦ |  | ♦ | 
| umac-128@openssh.com |  |  |  |  |  |  |  |  |  | ♦ |  | ♦ | 
| umac-64-etm@openssh.com |  |  |  |  |  |  |  |  |  |  |  | ♦ | 
| umac-64@openssh.com |  |  |  |  |  |  |  |  |  |  |  | ♦ | 
| **ContentEncryptionCiphers** |  |  |  |  |  |  |  |  |  |  |  |  |
| aes256-cbc | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| aes192-cbc | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| aes128-cbc | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| 3des-cbc | ♦ | ♦ | ♦ |  | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| **HashAlgorithms** |  |  |  |  |  |  |  |  |  |  |  |  |
| sha256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| sha384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| sha512 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| sha1 | ♦ | ♦ | ♦ |  | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| **TlsCiphers** |  |  |  |  |  |  |  |  |  |  |  |  |
| TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_CBC\_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\_ECDHE\_ECDSA\_WITH\_AES\_128\_GCM\_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_CBC\_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\_ECDHE\_ECDSA\_WITH\_AES\_256\_GCM\_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\_ECDHE\_RSA\_WITH\_AES\_128\_CBC\_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\_ECDHE\_RSA\_WITH\_AES\_256\_CBC\_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\_ECDHE\_RSA\_WITH\_AES\_256\_GCM\_SHA384 | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | ♦ | 
| TLS\_RSA\_WITH\_AES\_128\_CBC\_SHA256 |  |  |  |  |  |  |  |  |  |  |  | ♦ | 
| TLS\_RSA\_WITH\_AES\_256\_CBC\_SHA256 |  |  |  |  |  |  |  |  |  |  |  | ♦ | 

## Security policy details
<a name="security-policy-details"></a>

The following sections contain the JSON representation of each security policy.

### TransferSecurityPolicy-2025-03
<a name="security-policy-transfer-2025-03"></a>

The following shows the TransferSecurityPolicy-2025-03 security policy.

```
{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-2025-03",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes128-ctr",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "mlkem768x25519-sha256",
            "mlkem768nistp256-sha256",
            "mlkem1024nistp384-sha384",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "ContentEncryptionCiphers": [
            "aes256-cbc",
            "aes192-cbc",
            "aes128-cbc",
            "3des-cbc"
        ],
        "HashAlgorithms": [
            "sha256",
            "sha384",
            "sha512",
            "sha1"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ],
        "Type": "SERVER",
        "Protocols": [
           "SFTP",
           "FTPS"
        ]
    }
}
```

### TransferSecurityPolicy-FIPS-2025-03
<a name="security-policy-transfer-2025-03-fips"></a>

The following shows the TransferSecurityPolicy-FIPS-2025-03 security policy.

```
{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2025-03",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr",
            "aes128-ctr"
        ],
        "SshKexs": [
            "mlkem768x25519-sha256",
            "mlkem768nistp256-sha256",
            "mlkem1024nistp384-sha384",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "diffie-hellman-group-exchange-sha256",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512"
        ],
        "SshMacs": [
            "hmac-sha2-512-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com"
        ],
        "ContentEncryptionCiphers": [
            "aes256-cbc",
            "aes192-cbc",
            "aes128-cbc",
            "3des-cbc"
        ],
        "HashAlgorithms": [
            "sha256",
            "sha384",
            "sha512",
            "sha1"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ],
        "Type": "SERVER",
        "Protocols": [
           "SFTP",
           "FTPS"
        ]
    }
}
```

### TransferSecurityPolicy-AS2Restricted-2025-07
<a name="security-policy-transfer-as2restricted-2025-07"></a>

This security policy is designed for AS2 file transfers that require enhanced security by excluding legacy cryptographic algorithms. It supports modern AES encryption and SHA-2 hash algorithms, while removing support for weaker algorithms such as 3DES and SHA-1.

**Note**  
This security policy is identical to TransferSecurityPolicy-2025-03, except that it doesn't support 3DES (in ContentEncryptionCiphers) and doesn't support SHA1 (in HashAlgorithms). It includes all of the algorithms from 2025-03, including the post-quantum cryptography algorithms (mlkem\* KEXs).

```
{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-AS2Restricted-2025-07",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes128-ctr",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "mlkem768x25519-sha256",
            "mlkem768nistp256-sha256",
            "mlkem1024nistp384-sha384",
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "ContentEncryptionCiphers": [
            "aes256-cbc",
            "aes192-cbc",
            "aes128-cbc"
        ],
        "HashAlgorithms": [
            "sha256",
            "sha384",
            "sha512"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ],
        "Type": "SERVER",
        "Protocols": [
           "SFTP",
           "FTPS"
        ]
    }
}
```

### TransferSecurityPolicy-SshAuditCompliant-2025-02
<a name="security-policy-transferSecurityPolicy-SshAuditCompliant-2025-02"></a>

The following shows the TransferSecurityPolicy-SshAuditCompliant-2025-02 security policy.

**Note**  
This security policy is designed around the recommendations provided by the `ssh-audit` tool, and is 100% compliant with that tool.

```
{
  "SecurityPolicy": {
    "Fips": false,
    "Protocols": [
      "SFTP",
      "FTPS"
    ],
    "SecurityPolicyName": "TransferSecurityPolicy-SshAuditCompliant-2025-02",
    "SshCiphers": [
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com",
      "aes128-ctr",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com"
    ],
    "ContentEncryptionCiphers": [
      "aes256-cbc",
      "aes192-cbc",
      "aes128-cbc",
      "3des-cbc"
    ],
    "HashAlgorithms": [
      "sha256",
      "sha384",
      "sha512",
      "sha1"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ],
    "Type": "SERVER"
  }
}
```

### TransferSecurityPolicy-2024-01
<a name="security-policy-transfer-2024-01"></a>

The following shows the TransferSecurityPolicy-2024-01 security policy.

```
{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-2024-01",
        "SshCiphers": [
            "aes128-gcm@openssh.com",
            "aes256-gcm@openssh.com",
            "aes128-ctr",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "ContentEncryptionCiphers": [
            "aes256-cbc",
            "aes192-cbc",
            "aes128-cbc",
            "3des-cbc"
        ],
        "HashAlgorithms": [
            "sha256",
            "sha384",
            "sha512",
            "sha1"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}
```

### TransferSecurityPolicy-FIPS-2024-01/TransferSecurityPolicy-FIPS-2024-05
<a name="security-policy-transfer-fips-2024-01"></a>

The following shows the TransferSecurityPolicy-FIPS-2024-01 and TransferSecurityPolicy-FIPS-2024-05 security policies.

**Note**  
The FIPS service endpoint and the TransferSecurityPolicy-FIPS-2024-01 and TransferSecurityPolicy-FIPS-2024-05 security policies are only available in some AWS Regions. For more information, see [AWS Transfer Family endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/transfer-service.html) in the *AWS General Reference*.  
The only difference between these two security policies is that TransferSecurityPolicy-FIPS-2024-01 supports the `ssh-rsa` algorithm, and TransferSecurityPolicy-FIPS-2024-05 does not.

```
{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2024-01",
        "SshCiphers": [
            "aes128-gcm@openssh.com",
            "aes256-gcm@openssh.com",
            "aes128-ctr",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "ecdh-sha2-nistp256",
            "ecdh-sha2-nistp384",
            "ecdh-sha2-nistp521",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "ContentEncryptionCiphers": [
            "aes256-cbc",
            "aes192-cbc",
            "aes128-cbc",
            "3des-cbc"
        ],
        "HashAlgorithms": [
            "sha256",
            "sha384",
            "sha512",
            "sha1"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}
```

### TransferSecurityPolicy-2023-05
<a name="security-policy-transfer-2023-05"></a>

The following shows the TransferSecurityPolicy-2023-05 security policy.

```
{
    "SecurityPolicy": {
        "Fips": false,
        "SecurityPolicyName": "TransferSecurityPolicy-2023-05",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "curve25519-sha256",
            "curve25519-sha256@libssh.org",
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-512-etm@openssh.com",
            "hmac-sha2-256-etm@openssh.com"
        ],
        "ContentEncryptionCiphers": [
            "aes256-cbc",
            "aes192-cbc",
            "aes128-cbc",
            "3des-cbc"
        ],
        "HashAlgorithms": [
            "sha256",
            "sha384",
            "sha512",
            "sha1"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}
```

### TransferSecurityPolicy-FIPS-2023-05
<a name="security-policy-transfer-fips-2023-05"></a>

The FIPS certification details for AWS Transfer Family can be found at [https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all](https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all)

The following shows the TransferSecurityPolicy-FIPS-2023-05 security policy.

**Note**  
The FIPS service endpoint and TransferSecurityPolicy-FIPS-2023-05 security policy are only available in some AWS Regions. For more information, see [AWS Transfer Family endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/transfer-service.html) in the *AWS General Reference*.

```
{
    "SecurityPolicy": {
        "Fips": true,
        "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2023-05",
        "SshCiphers": [
            "aes256-gcm@openssh.com",
            "aes128-gcm@openssh.com",
            "aes256-ctr",
            "aes192-ctr"
        ],
        "SshKexs": [
            "diffie-hellman-group16-sha512",
            "diffie-hellman-group18-sha512",
            "diffie-hellman-group-exchange-sha256"
        ],
        "SshMacs": [
            "hmac-sha2-256-etm@openssh.com",
            "hmac-sha2-512-etm@openssh.com"
        ],
        "ContentEncryptionCiphers": [
            "aes256-cbc",
            "aes192-cbc",
            "aes128-cbc",
            "3des-cbc"
        ],
        "HashAlgorithms": [
            "sha256",
            "sha384",
            "sha512",
            "sha1"
        ],
        "TlsCiphers": [
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
        ]
    }
}
```

### TransferSecurityPolicy-2022-03
<a name="security-policy-transfer-2022-03"></a>

The following shows the TransferSecurityPolicy-2022-03 security policy.

```
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2022-03",
    "SshCiphers": [
      "aes256-gcm@openssh.com",
      "aes128-gcm@openssh.com",
      "aes256-ctr",
      "aes192-ctr"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group-exchange-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512",
      "hmac-sha2-256"
    ],
    "ContentEncryptionCiphers": [
      "aes256-cbc",
      "aes192-cbc",
      "aes128-cbc",
      "3des-cbc"
    ],
    "HashAlgorithms": [
      "sha256",
      "sha384",
      "sha512",
      "sha1"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```

### TransferSecurityPolicy-2020-06 and TransferSecurityPolicy-Restricted-2020-06
<a name="security-policy-transfer-2020-06"></a>

The following shows the TransferSecurityPolicy-2020-06 security policy.

**Note**  
The TransferSecurityPolicy-Restricted-2020-06 and TransferSecurityPolicy-2020-06 security policies are identical, except that the restricted policy doesn't support the `chacha20-poly1305@openssh.com` cipher.

```
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2020-06",
    "SshCiphers": [
      "chacha20-poly1305@openssh.com", //Not included in TransferSecurityPolicy-Restricted-2020-06
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "umac-128-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "umac-128@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512"
    ],
    "ContentEncryptionCiphers": [
      "aes256-cbc",
      "aes192-cbc",
      "aes128-cbc",
      "3des-cbc"
    ],
    "HashAlgorithms": [
      "sha256",
      "sha384",
      "sha512",
      "sha1"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```

### TransferSecurityPolicy-FIPS-2020-06
<a name="security-policy-transfer-fips-2020-06"></a>

The FIPS certification details for AWS Transfer Family can be found at [https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all](https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search/all)

The following shows the TransferSecurityPolicy-FIPS-2020-06 security policy.

**Note**  
The FIPS service endpoint and TransferSecurityPolicy-FIPS-2020-06 security policy are only available in some AWS Regions. For more information, see [AWS Transfer Family endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/transfer-service.html) in the *AWS General Reference*.

```
{
  "SecurityPolicy": {
    "Fips": true,
    "SecurityPolicyName": "TransferSecurityPolicy-FIPS-2020-06",
    "SshCiphers": [
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256"
    ],
    "SshMacs": [
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512"
    ],
    "ContentEncryptionCiphers": [
      "aes256-cbc",
      "aes192-cbc",
      "aes128-cbc",
      "3des-cbc"
    ],
    "HashAlgorithms": [
      "sha256",
      "sha384",
      "sha512",
      "sha1"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    ]
  }
}
```

### TransferSecurityPolicy-2018-11 and TransferSecurityPolicy-Restricted-2018-11
<a name="security-policy-transfer-2018-11"></a>

The following shows the TransferSecurityPolicy-2018-11 security policy.

**Note**  
The TransferSecurityPolicy-Restricted-2018-11 and TransferSecurityPolicy-2018-11 security policies are identical, except that the restricted policy doesn't support the `chacha20-poly1305@openssh.com` cipher.

```
{
  "SecurityPolicy": {
    "Fips": false,
    "SecurityPolicyName": "TransferSecurityPolicy-2018-11",
    "SshCiphers": [
      "chacha20-poly1305@openssh.com", //Not included in TransferSecurityPolicy-Restricted-2018-11
      "aes128-ctr",
      "aes192-ctr",
      "aes256-ctr",
      "aes128-gcm@openssh.com",
      "aes256-gcm@openssh.com"
    ],
    "SshKexs": [
      "curve25519-sha256",
      "curve25519-sha256@libssh.org",
      "ecdh-sha2-nistp256",
      "ecdh-sha2-nistp384",
      "ecdh-sha2-nistp521",
      "diffie-hellman-group-exchange-sha256",
      "diffie-hellman-group16-sha512",
      "diffie-hellman-group18-sha512",
      "diffie-hellman-group14-sha256",
      "diffie-hellman-group14-sha1"
    ],
    "SshMacs": [
      "umac-64-etm@openssh.com",
      "umac-128-etm@openssh.com",
      "hmac-sha2-256-etm@openssh.com",
      "hmac-sha2-512-etm@openssh.com",
      "hmac-sha1-etm@openssh.com",
      "umac-64@openssh.com",
      "umac-128@openssh.com",
      "hmac-sha2-256",
      "hmac-sha2-512",
      "hmac-sha1"
    ],
    "ContentEncryptionCiphers": [
      "aes256-cbc",
      "aes192-cbc",
      "aes128-cbc",
      "3des-cbc"
    ],
    "HashAlgorithms": [
      "sha256",
      "sha384",
      "sha512",
      "sha1"
    ],
    "TlsCiphers": [
      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
      "TLS_RSA_WITH_AES_128_CBC_SHA256",
      "TLS_RSA_WITH_AES_256_CBC_SHA256"
    ]
  }
}
```
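
The client-compatibility note near the top of this page is easier to act on with a concrete check. The following is an added example, not part of the AWS documentation: it takes the SshCiphers, SshKexs, and SshMacs lists from the TransferSecurityPolicy-2018-11 and TransferSecurityPolicy-2025-03 JSON above, lists what a migration removes, and tests whether an SFTP client can still negotiate. Assumptions: the two client offers are constructed samples, host key algorithm negotiation is not modelled, and the selection rule (first algorithm on the client's list that the server also supports) comes from the SSH protocol rather than from this page.

```python
"""Check SFTP client compatibility before changing a Transfer Family security policy."""

SSH_SECTIONS = ("SshCiphers", "SshKexs", "SshMacs")

# SSH sections copied from the policy JSON on this page.
POLICY_2018_11 = {
    "SshCiphers": [
        "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr",
        "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
    ],
    "SshKexs": [
        "curve25519-sha256", "curve25519-sha256@libssh.org",
        "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
        "diffie-hellman-group-exchange-sha256",
        "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512",
        "diffie-hellman-group14-sha256", "diffie-hellman-group14-sha1",
    ],
    "SshMacs": [
        "umac-64-etm@openssh.com", "umac-128-etm@openssh.com",
        "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
        "hmac-sha1-etm@openssh.com", "umac-64@openssh.com",
        "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1",
    ],
}
POLICY_2025_03 = {
    "SshCiphers": [
        "aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
        "aes128-ctr", "aes256-ctr", "aes192-ctr",
    ],
    "SshKexs": [
        "mlkem768x25519-sha256", "mlkem768nistp256-sha256",
        "mlkem1024nistp384-sha384", "ecdh-sha2-nistp256",
        "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "curve25519-sha256",
        "curve25519-sha256@libssh.org", "diffie-hellman-group16-sha512",
        "diffie-hellman-group18-sha512",
        "diffie-hellman-group-exchange-sha256",
    ],
    "SshMacs": [
        "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
    ],
}

# Constructed client offers in preference order (not captured from real clients).
LEGACY_CLIENT = {
    "SshCiphers": ["aes128-ctr"],
    "SshKexs": ["diffie-hellman-group14-sha1", "diffie-hellman-group14-sha256"],
    "SshMacs": ["hmac-sha1", "hmac-sha2-256"],
}
MODERN_CLIENT = {
    "SshCiphers": ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com"],
    "SshKexs": ["mlkem768x25519-sha256", "curve25519-sha256"],
    "SshMacs": ["umac-64-etm@openssh.com", "hmac-sha2-256-etm@openssh.com"],
}

# AEAD ciphers authenticate the data themselves, so no separate MAC is used.
AEAD_CIPHERS = (
    "chacha20-poly1305@openssh.com",
    "aes128-gcm@openssh.com",
    "aes256-gcm@openssh.com",
)


def removed_algorithms(old, new):
    """Per section, the algorithms the old policy accepts and the new one drops."""
    return {s: [a for a in old[s] if a not in new[s]] for s in SSH_SECTIONS}


def negotiate(client, policy):
    """Pick, per section, the first client algorithm the policy also lists.

    Simplification: one list per section is used for both directions.
    A value of None means that section has no algorithm in common.
    """
    chosen = {
        s: next((a for a in client[s] if a in policy[s]), None)
        for s in SSH_SECTIONS
    }
    if chosen["SshCiphers"] in AEAD_CIPHERS:
        chosen["SshMacs"] = "<implicit>"  # MAC offers are ignored with AEAD
    return chosen


def blocking_sections(client, policy):
    """Sections with no common algorithm; an empty list means the client connects."""
    return [s for s, alg in negotiate(client, policy).items() if alg is None]


def uses_hybrid_pq_kex(client, policy):
    """True when the negotiated key exchange is one of the mlkem* hybrids."""
    kex = negotiate(client, policy)["SshKexs"]
    return kex is not None and kex.startswith("mlkem")


if __name__ == "__main__":
    print(removed_algorithms(POLICY_2018_11, POLICY_2025_03))
    for name, client in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(name, negotiate(client, POLICY_2025_03),
              "blocked by:", blocking_sections(client, POLICY_2025_03))
```
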