This rule checks that ACM certificates are set to expire within 30 days, as an additional security measure.

| Rule | ACM certificates should be set to expire within 30 days |
|---|---|
| Framework | HIPAA |
| Severity | ✔ Medium |
## Rule Description

ACM (AWS Certificate Manager) certificates used by HIPAA (Health Insurance Portability and Accountability Act) compliant applications should be set to expire within 30 days. This rule ensures that certificates are renewed regularly so that the security and compliance requirements of HIPAA are maintained.
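A way to evaluate this rule against what `aws acm describe-certificate` returns, as an added example that is not part of the original page: it reads the `Certificate` object for each certificate, flags those expiring within 30 days, and separates certificates ACM can renew itself from imported ones that need a manual re-import. The sample records, the fixed clock and the ARNs are constructed placeholders.

```python
"""Evaluate ACM certificates against the 30-day expiry window.

Added example, not code from the original page. It reads the `Certificate`
object returned by `aws acm describe-certificate --certificate-arn <arn>`
(or boto3's describe_certificate) and flags any certificate whose NotAfter
falls within the next 30 days. The records below are constructed samples.
"""
from datetime import datetime, timezone

THRESHOLD_DAYS = 30


def evaluate(cert, now, threshold_days=THRESHOLD_DAYS):
    """Return a finding for one describe-certificate 'Certificate' object."""
    not_after = datetime.fromisoformat(cert["NotAfter"])
    days_left = (not_after - now).days
    # Imported certificates are always INELIGIBLE for managed renewal and must
    # be re-imported by hand; ACM renews its own certificates only while the
    # RenewalEligibility field reports ELIGIBLE.
    eligible = cert.get("RenewalEligibility") == "ELIGIBLE"
    if days_left > threshold_days:
        status = "OK"
    elif eligible:
        status = "EXPIRING_AUTO_RENEWABLE"
    else:
        status = "EXPIRING_MANUAL_ACTION"
    return {"arn": cert["CertificateArn"], "days_left": days_left, "status": status}


def audit(certs, now):
    """Evaluate every certificate and return only the findings that need attention."""
    return [f for f in (evaluate(c, now) for c in certs) if f["status"] != "OK"]


# Constructed sample describe-certificate output, trimmed to the relevant fields.
SAMPLE_CERTS = [
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/sample-1",
     "DomainName": "api.example.com", "Status": "ISSUED", "Type": "AMAZON_ISSUED",
     "NotAfter": "2024-07-01T23:59:59+00:00", "RenewalEligibility": "ELIGIBLE"},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/sample-2",
     "DomainName": "portal.example.com", "Status": "ISSUED", "Type": "IMPORTED",
     "NotAfter": "2024-06-20T12:00:00+00:00", "RenewalEligibility": "INELIGIBLE"},
    {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/sample-3",
     "DomainName": "www.example.com", "Status": "ISSUED", "Type": "AMAZON_ISSUED",
     "NotAfter": "2025-01-15T23:59:59+00:00", "RenewalEligibility": "ELIGIBLE"},
]
NOW = datetime(2024, 6, 10, tzinfo=timezone.utc)  # fixed clock so the run is reproducible

if __name__ == "__main__":
    for finding in audit(SAMPLE_CERTS, NOW):
        print(f"{finding['status']:24} {finding['days_left']:>4}d  {finding['arn']}")
```

Against a live account, feed the output of `describe-certificate` for each ARN from `aws acm list-certificates` into `audit` instead of `SAMPLE_CERTS`.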
## Troubleshooting Steps

If you encounter any issues in setting the expiration for ACM certificates within 30 days, follow these troubleshooting steps:

1. Check IAM user/role permissions: Ensure that the IAM user or role you use to manage certificates has the necessary permissions (such as `acm:SetCertificate`, `acm:UpdateCertificateOptions`, etc.) to modify ACM certificates.
2. Verify HIPAA compliance: Confirm that the application using the ACM certificate is HIPAA compliant. Ensure that it handles protected health information (PHI) and is deployed in an AWS environment that meets HIPAA requirements.
3. Check certificate status: Validate the status of the ACM certificate. Make sure it is in the "Issued" state before attempting to modify its expiration.
4. Review certificate details: Verify the current expiration date of the certificate and compare it to the desired 30-day limit. This information will help identify any discrepancies.
5. Review change history: Examine the history of changes made to the certificate, ensuring that no unintended modifications have been made that may affect the expiration setting.
## Necessary Code

No specific code is required for this rule. The configuration change is made through the AWS Management Console or the AWS Command Line Interface (CLI).
## Remediation Steps

To set an ACM certificate to expire within 30 days for HIPAA compliance, follow these steps:
Alternatively, you can use the AWS CLI to renew the certificate, which issues it with an updated expiration date, by running the following command:

```bash
# Requests renewal of an ACM certificate that is eligible for renewal
aws acm renew-certificate --certificate-arn <certificate-arn>
```
Ensure you replace `<certificate-arn>` with the actual ARN (Amazon Resource Name) of the ACM certificate you want to renew.

## Conclusion
By following the rule to set ACM certificates to expire within 30 days for HIPAA compliance, you maintain the continuous security and compliance of your sensitive healthcare applications. Regularly renewing certificates prevents disruptions in service and protects the confidentiality and integrity of protected health information.