Rule: ACM Certificates Should Expire Within 30 Days

This rule ensures that ACM certificates are set to expire within 30 days.

Rule: ACM certificates should be set to expire within 30 days
Framework: FedRAMP Moderate Revision 4
Severity: Medium

Description:

This policy requires ACM (Amazon Certificate Manager) certificates to be set to expire within 30 days for FedRAMP Moderate Revision 4 compliance. ACM certificates are used to secure HTTPS connections for Amazon Web Services (AWS) resources.

Troubleshooting steps:

If you encounter any issues while setting the expiry date of ACM certificates to 30 days, please follow these troubleshooting steps:

  1. Validate Certificate: Ensure that the certificate selected for modification is a valid ACM certificate.
  2. Check Permissions: Verify that you have the necessary permissions to modify ACM certificate settings. Make sure you have the "acm:ImportCertificate" permission granted.
  3. AWS CLI Version: Ensure that you are using the latest version of the AWS Command Line Interface (CLI) tool. Outdated versions may not support the required functionality.
  4. Check Certificate Status: Confirm that the certificate is in the "CertificateIssued" state. The expiry modification is only applicable to issued certificates.

Necessary code:

No code examples are available for this policy as it mainly involves configuring ACM certificate expiry settings.

Step-by-step guide for remediation:

To set ACM certificates to expire within 30 days for FedRAMP Moderate Revision 4 compliance, follow the steps below:

  1. Open the AWS Management Console and navigate to the ACM service.
  2. In the ACM console, select the certificate you want to modify.
  3. Click on the "Actions" dropdown menu and select "Modify certificate".
  4. In the "Modify certificate" panel, locate the "Validity period" section.
  5. Set the "Validity period" to 30 days or less, as per the FedRAMP Moderate Revision 4 policy requirement.
  6. Review the other certificate details if necessary.
  7. Click on "Save" to apply the changes.

The ACM certificate will now be set to expire within 30 days, ensuring compliance with the FedRAMP Moderate Revision 4 policy.

Note: It is important to regularly monitor and update certificates to maintain compliance with the policy.
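
One way to do the monitoring the note above calls for, as an added example that is not Cloud Defense's or AWS's code: it reads `aws acm describe-certificate` style JSON and reports, per certificate, the days left before `NotAfter` and whether that falls inside the rule's 30-day window. The sample records (ARNs, domains, dates) are constructed, and `expiry_report` and `parse_not_after` are hypothetical helper names.

```python
import json
from datetime import datetime, timezone

WINDOW_DAYS = 30  # the window named by this rule

# Constructed sample: trimmed `aws acm describe-certificate` outputs.
# ARNs, domains and dates are made up for illustration.
SAMPLE = json.loads("""
[
 {"Certificate": {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-a",
   "DomainName": "a.example.com", "Status": "ISSUED", "NotAfter": "2025-01-20T00:00:00+00:00"}},
 {"Certificate": {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-b",
   "DomainName": "b.example.com", "Status": "ISSUED", "NotAfter": 1767225600.0}},
 {"Certificate": {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-c",
   "DomainName": "c.example.com", "Status": "PENDING_VALIDATION"}}
]
""")

def parse_not_after(value):
    """NotAfter arrives as ISO 8601 text or epoch seconds, depending on CLI settings."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def expiry_report(records, now, window_days=WINDOW_DAYS):
    """Return one row per certificate with days left and a 30-day-window flag."""
    report = []
    for rec in records:
        cert = rec["Certificate"]
        row = {"arn": cert["CertificateArn"], "status": cert["Status"],
               "days_left": None, "within_window": None}
        # Only issued certificates carry a NotAfter date; others stay unevaluated.
        if cert["Status"] == "ISSUED" and "NotAfter" in cert:
            days = (parse_not_after(cert["NotAfter"]) - now).days
            row["days_left"] = days
            row["within_window"] = 0 <= days <= window_days
        report.append(row)
    return report

if __name__ == "__main__":
    fixed_now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed for repeatable output
    for row in expiry_report(SAMPLE, fixed_now):
        print(row)
```
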
