This document discusses key management systems and cloud migration. It begins with an overview of encryption at rest using DoDAF and various AWS services such as S3, EBS, RDS, and Redshift. It then provides details on the AWS Key Management Service (KMS) and how it allows users to create and manage encryption keys to protect data on supported AWS services. KMS ensures keys are securely stored and accessible only by authorized users or services. The document also discusses how database encryption can be implemented using KMS and compares KMS to on-premises key management and CloudHSM. It concludes with topics on identity and access management policies, standards for archiving to Glacier, and server-side encryption options on S3.