diff --git a/.changelog/35879.txt b/.changelog/35879.txt new file mode 100644 index 00000000000..192042824a5 --- /dev/null +++ b/.changelog/35879.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_transfer_server: Add `TransferSecurityPolicy-2024-01` and `TransferSecurityPolicy-FIPS-2024-01` as valid values for `security_policy_name` +``` diff --git a/internal/service/transfer/enum.go b/internal/service/transfer/enum.go index 39b6d79abaf..1e529e06d9d 100644 --- a/internal/service/transfer/enum.go +++ b/internal/service/transfer/enum.go @@ -8,8 +8,10 @@ const ( SecurityPolicyName2020_06 = "TransferSecurityPolicy-2020-06" SecurityPolicyNameFIPS_2020_06 = "TransferSecurityPolicy-FIPS-2020-06" SecurityPolicyNameFIPS_2023_05 = "TransferSecurityPolicy-FIPS-2023-05" + SecurityPolicyNameFIPS_2024_01 = "TransferSecurityPolicy-FIPS-2024-01" SecurityPolicyName2022_03 = "TransferSecurityPolicy-2022-03" SecurityPolicyName2023_05 = "TransferSecurityPolicy-2023-05" + SecurityPolicyName2024_01 = "TransferSecurityPolicy-2024-01" SecurityPolicyNamePQ_SSH_2023_04 = "TransferSecurityPolicy-PQ-SSH-Experimental-2023-04" SecurityPolicyNamePQ_SSH_FIPS_2023_04 = "TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04" ) @@ -20,8 +22,10 @@ func SecurityPolicyName_Values() []string { SecurityPolicyName2020_06, SecurityPolicyNameFIPS_2020_06, SecurityPolicyNameFIPS_2023_05, + SecurityPolicyNameFIPS_2024_01, SecurityPolicyName2022_03, SecurityPolicyName2023_05, + SecurityPolicyName2024_01, SecurityPolicyNamePQ_SSH_2023_04, SecurityPolicyNamePQ_SSH_FIPS_2023_04, } diff --git a/internal/service/transfer/exports_test.go b/internal/service/transfer/exports_test.go index 7d84bc67c68..6be3e172350 100644 --- a/internal/service/transfer/exports_test.go +++ b/internal/service/transfer/exports_test.go @@ -5,5 +5,6 @@ package transfer // Exports for use in tests only. var ( - ResourceTag = resourceTag + ResourceServer = resourceServer + ResourceTag = resourceTag ) 
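Review bot: The two new names are added by hand to both the const block and the slice in `SecurityPolicyName_Values()`, and nothing visible in either hunk keeps the two lists in step; a name present in one and missed in the other would presumably only surface as a validation error at plan time. Both lists also keep the existing mixed order (`SecurityPolicyNameFIPS_2023_05` ahead of `SecurityPolicyName2022_03`), whereas the docs changed in this commit group by family, newest first; using that order here would make the accepted set easier to audit. I would add a comment above the const block such as `// Names accepted for security_policy_name; keep in sync with SecurityPolicyName_Values().` The docs in this commit still give `TransferSecurityPolicy-2018-11` as the default, so the new policies apply only where `security_policy_name` is set explicitly. The const block and the function both begin outside the hunks.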
diff --git a/internal/service/transfer/server.go b/internal/service/transfer/server.go index 8151e636b2e..281da1dba35 100644 --- a/internal/service/transfer/server.go +++ b/internal/service/transfer/server.go @@ -30,7 +30,7 @@ import ( // nosemgrep:ci.semgrep.aws.multiple-service-imports // @SDKResource("aws_transfer_server", name="Server") // @Tags(identifierAttribute="arn") -func ResourceServer() *schema.Resource { +func resourceServer() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceServerCreate, ReadWithoutTimeout: resourceServerRead, diff --git a/internal/service/transfer/server_test.go b/internal/service/transfer/server_test.go index e04fe3e4c8f..71c4df394e1 100644 --- a/internal/service/transfer/server_test.go +++ b/internal/service/transfer/server_test.go @@ -264,6 +264,13 @@ func testAccServer_securityPolicy(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-PQ-SSH-Experimental-2023-04"), ), }, + { + Config: testAccServerConfig_securityPolicy(rName, "TransferSecurityPolicy-2024-01"), + Check: resource.ComposeTestCheckFunc( + testAccCheckServerExists(ctx, resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-2024-01"), + ), + }, }, }) } @@ -293,6 +300,13 @@ func testAccServer_securityPolicyFIPS(t *testing.T) { ImportStateVerify: true, ImportStateVerifyIgnore: []string{"force_destroy"}, }, + { + Config: testAccServerConfig_securityPolicy(rName, "TransferSecurityPolicy-FIPS-2024-01"), + Check: resource.ComposeTestCheckFunc( + testAccCheckServerExists(ctx, resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-FIPS-2024-01"), + ), + }, }, }) } diff --git a/internal/service/transfer/service_package_gen.go b/internal/service/transfer/service_package_gen.go index 137ac62bbca..130ed62edaf 100644 --- a/internal/service/transfer/service_package_gen.go 
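Review bot: In `testAccServer_securityPolicyFIPS` the new `TransferSecurityPolicy-FIPS-2024-01` step is appended after the `ImportStateVerify` step, so the state holding the new value is applied and checked but never round-tripped through import. The same looks true of the step appended at the end of `testAccServer_securityPolicy`, though its earlier steps are outside the hunk and an import step is not visible there. Moving each new step above the import step, or following it with a second import step that mirrors the existing one (including `ImportStateVerifyIgnore: []string{"force_destroy"}`), would cover the new values. Both test functions start outside the hunks.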
+++ b/internal/service/transfer/service_package_gen.go @@ -73,7 +73,7 @@ func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePacka }, }, { - Factory: ResourceServer, + Factory: resourceServer, TypeName: "aws_transfer_server", Name: "Server", Tags: &types.ServicePackageResourceTags{ diff --git a/internal/service/transfer/sweep.go b/internal/service/transfer/sweep.go index 8d358527536..e3d7b7182dd 100644 --- a/internal/service/transfer/sweep.go +++ b/internal/service/transfer/sweep.go @@ -45,7 +45,7 @@ func sweepServers(region string) error { } for _, server := range page.Servers { - r := ResourceServer() + r := resourceServer() d := r.Data(nil) d.SetId(aws.StringValue(server.ServerId)) d.Set("force_destroy", true) // In lieu of an aws_transfer_user sweeper. diff --git a/website/docs/cdktf/python/r/transfer_server.html.markdown b/website/docs/cdktf/python/r/transfer_server.html.markdown index 7d4e815e883..c7fa7517e32 100644 --- a/website/docs/cdktf/python/r/transfer_server.html.markdown +++ b/website/docs/cdktf/python/r/transfer_server.html.markdown 
@@ -221,7 +221,17 @@ This resource supports the following arguments:
 * `post_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
 * `pre_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
 * `protocol_details`- (Optional) The protocol settings that are configured for your server.
-* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-FIPS-2023-05`, `TransferSecurityPolicy-2022-03`, `TransferSecurityPolicy-2023-05`, `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04` and `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`. Default value is: `TransferSecurityPolicy-2018-11`.
+* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
+ * `TransferSecurityPolicy-2024-01`
+ * `TransferSecurityPolicy-2023-05`
+ * `TransferSecurityPolicy-2022-03`
+ * `TransferSecurityPolicy-2020-06`
+ * `TransferSecurityPolicy-2018-11`
+ * `TransferSecurityPolicy-FIPS-2024-01`
+ * `TransferSecurityPolicy-FIPS-2023-05`
+ * `TransferSecurityPolicy-FIPS-2020-06`
+ * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
+ * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
 * `structured_log_destinations` - (Optional) A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
* `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `workflow_details` - (Optional) Specifies the workflow details. See Workflow Details below.
diff --git a/website/docs/cdktf/typescript/r/transfer_server.html.markdown b/website/docs/cdktf/typescript/r/transfer_server.html.markdown
index 80f794ceb82..04a184a6697 100644
--- a/website/docs/cdktf/typescript/r/transfer_server.html.markdown
+++ b/website/docs/cdktf/typescript/r/transfer_server.html.markdown
@@ -254,7 +254,17 @@ This resource supports the following arguments:
 * `postAuthenticationLoginBanner`- (Optional) Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
 * `preAuthenticationLoginBanner`- (Optional) Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
 * `protocolDetails`- (Optional) The protocol settings that are configured for your server.
-* `securityPolicyName` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-FIPS-2023-05`, `TransferSecurityPolicy-2022-03`, `TransferSecurityPolicy-2023-05`, `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04` and `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`. Default value is: `TransferSecurityPolicy-2018-11`.
+* `securityPolicyName` - (Optional) Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
+ * `TransferSecurityPolicy-2024-01`
+ * `TransferSecurityPolicy-2023-05`
+ * `TransferSecurityPolicy-2022-03`
+ * `TransferSecurityPolicy-2020-06`
+ * `TransferSecurityPolicy-2018-11`
+ * `TransferSecurityPolicy-FIPS-2024-01`
+ * `TransferSecurityPolicy-FIPS-2023-05`
+ * `TransferSecurityPolicy-FIPS-2020-06`
+ * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
+ * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
 * `structuredLogDestinations` - (Optional) A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
* `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`defaultTags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `workflowDetails` - (Optional) Specifies the workflow details. See Workflow Details below.
diff --git a/website/docs/r/transfer_server.html.markdown b/website/docs/r/transfer_server.html.markdown
index 7ab5394cc02..3b81313ccb3 100644
--- a/website/docs/r/transfer_server.html.markdown
+++ b/website/docs/r/transfer_server.html.markdown
@@ -145,7 +145,17 @@ This resource supports the following arguments:
 * `post_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
 * `pre_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
 * `protocol_details`- (Optional) The protocol settings that are configured for your server.
-* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-FIPS-2023-05`, `TransferSecurityPolicy-2022-03`, `TransferSecurityPolicy-2023-05`, `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04` and `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`. Default value is: `TransferSecurityPolicy-2018-11`.
+* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Default value is: `TransferSecurityPolicy-2018-11`. The available values are:
+ * `TransferSecurityPolicy-2024-01`
+ * `TransferSecurityPolicy-2023-05`
+ * `TransferSecurityPolicy-2022-03`
+ * `TransferSecurityPolicy-2020-06`
+ * `TransferSecurityPolicy-2018-11`
+ * `TransferSecurityPolicy-FIPS-2024-01`
+ * `TransferSecurityPolicy-FIPS-2023-05`
+ * `TransferSecurityPolicy-FIPS-2020-06`
+ * `TransferSecurityPolicy-PQ-SSH-Experimental-2023-04`
+ * `TransferSecurityPolicy-PQ-SSH-FIPS-Experimental-2023-04`
 * `structured_log_destinations` - (Optional) A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
* `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `workflow_details` - (Optional) Specifies the workflow details. See Workflow Details below.