This rule states that ACM certificates must be set to expire within 30 days to maintain compliance.
| Rule | ACM certificates should be set to expire within 30 days |
| Framework | FedRAMP Low Revision 4 |
| Severity | ✔ Medium |
Rule Description
AWS Certificate Manager (ACM) certificates used in FedRAMP Low Revision 4 workloads should have an expiration period set to within 30 days. The rule exists to ensure the security and compliance of certificates used within the system.
Troubleshooting Steps
If you encounter any issues related to the expiration period of ACM certificates for FedRAMP Low Revision 4, follow these troubleshooting steps:
1. Verify the certificate expiration date: Check the current expiration date of the ACM certificate in question. You can do this by accessing the AWS Management Console and navigating to the ACM service.
2. Ensure compliance with the rule: If the certificate expiration is set beyond the required 30-day expiration period, you need to take steps to adjust the expiration settings.
Necessary Code
There isn't any specific code required for this particular rule. The configuration change needs to be made through the AWS Management Console or AWS CLI commands.
Remediation Steps
To remediate the expiration period of the ACM certificates for FedRAMP Low Revision 4, follow the step-by-step guide below:
1. Open the AWS Management Console: Visit the AWS Management Console (https://console.aws.amazon.com/) and sign in to your account.
2. Access the ACM service: From the console home page, search for "Certificate Manager" or locate it under the "Security, Identity & Compliance" section.
3. Choose the relevant certificate: In the ACM console, select the certificate that needs to be modified. Ensure that the certificate is being used within the FedRAMP Low Revision 4 workloads.
4. Modify the expiration period: Click on the "Actions" dropdown menu and choose "Modify".
5. Adjust the expiration period: Set the expiration period to within 30 days. Update the "Validity period" field accordingly.
6. Review other settings: Validate that all other certificate details and settings align with the FedRAMP Low Revision 4 requirements and best practices.
7. Save the changes: After adjusting the expiration period, click on the "Save" or "Apply" button to apply the changes to the certificate.
8. Monitor the expiration period: Regularly monitor the expiration date of all ACM certificates used in the FedRAMP Low Revision 4 workloads. Ensure that upcoming certificate expirations are accounted for and follow a proactive renewal process.
By following these steps, you can remediate and ensure compliance with the ACM certificate expiration period rule for FedRAMP Low Revision 4 workloads.
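For the verification and monitoring steps above, the following is an added example (not part of the original page and not AWS code) that reads certificate records shaped like the `Certificate` object returned by `aws acm describe-certificate` and places each `NotAfter` date relative to the 30-day window. The sample records, ARNs, domain names and function names are constructed for illustration, and it assumes `NotAfter` arrives either as ISO 8601 text or as epoch seconds.

```python
import json
from datetime import datetime, timezone

WINDOW_DAYS = 30  # the 30-day window named by the rule

# Constructed sample records (placeholder ARNs and domains), shaped like the
# "Certificate" object in `aws acm describe-certificate` output.
SAMPLE = json.loads("""[
  {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-1",
   "DomainName": "app.example.com", "Status": "ISSUED", "NotAfter": "2024-06-20T23:59:59+00:00"},
  {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-2",
   "DomainName": "api.example.com", "Status": "ISSUED", "NotAfter": 1735689599.0},
  {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-3",
   "DomainName": "old.example.com", "Status": "EXPIRED", "NotAfter": "2024-05-01T00:00:00+00:00"},
  {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-4",
   "DomainName": "new.example.com", "Status": "PENDING_VALIDATION"}
]""")

def parse_not_after(value):
    """Return an aware UTC datetime from ISO 8601 text or epoch seconds, or None."""
    if value is None:
        return None  # e.g. a certificate that has not been issued yet
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def classify(cert, now, window_days=WINDOW_DAYS):
    """Place one certificate's expiry relative to the window measured from `now`."""
    not_after = parse_not_after(cert.get("NotAfter"))
    if not_after is None:
        return "no-expiry-date", None
    days_left = (not_after - now).total_seconds() / 86400
    if days_left < 0:
        return "expired", days_left
    return ("within-window" if days_left <= window_days else "beyond-window"), days_left

def report(certs, now):
    """Return (domain, state, whole days remaining) for every certificate."""
    rows = []
    for cert in certs:
        state, days_left = classify(cert, now)
        rows.append((cert["DomainName"], state, None if days_left is None else int(days_left)))
    return rows

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for a reproducible run
    for domain, state, days in report(SAMPLE, now):
        print(f"{domain:20} {state:15} {days}")
```

In real use, replace `SAMPLE` with the collected `describe-certificate` output and pass `datetime.now(timezone.utc)` as `now`.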