Rule: Secrets Manager Secrets Rotation Schedule

Ensure Secrets Manager secrets are rotated according to the schedule set

Rule: Secrets Manager secrets should be rotated as per the rotation schedule
Framework: NIST 800-53 Revision 5
Severity: Critical

Rule Description

Secrets stored in Secrets Manager should be rotated on the rotation schedule specified by the NIST 800-53 Revision 5 guidelines. This ensures that sensitive credentials and keys are updated regularly, reducing the risk of unauthorized access and maintaining better security for the organization.

Troubleshooting Steps

If there are any issues or concerns regarding the rotation of secrets in Secrets Manager, the following troubleshooting steps can be taken:

  1. Verify Rotation Settings: Check if the rotation schedule for secrets in Secrets Manager is aligned with the NIST 800-53 Revision 5 guidelines. Ensure that the rotation frequency and requirements are correctly configured.

  2. Ensure Proper Access: Make sure that the necessary permissions and access controls are in place for Secrets Manager. Users or roles performing the rotation should have appropriate privileges to perform secret rotation.

  3. Check for Errors: Monitor for any error messages or logs related to secret rotation in Secrets Manager. Investigate and resolve any reported errors to ensure successful rotation.

  4. Review Secret Lifecycle Policy: Check if the lifecycle policy for secrets in Secrets Manager is properly configured, enabling automatic rotation based on defined criteria. Adjust the policy if necessary.

  5. Validate Credentials: Verify that the credentials being rotated are accurate and up-to-date. Incorrect or outdated credentials may cause rotation failures. Update the credentials if needed.

  6. Verify Rotation Customizations: If any customizations or scripts have been applied for specific secrets, review them for any potential issues or conflicts with the rotation process. Adjust or modify as required.

  7. Test Secret Rotation: Perform a test rotation for a sample secret to ensure that the rotation process is functioning correctly. Monitor and evaluate the results to identify any issues that may need to be addressed.

  8. Seek Support: If the above steps do not resolve the issue, reach out to the relevant support channels, such as AWS Support, for further assistance.

Necessary Codes

There are no specific codes required for this rule/policy as it primarily involves configuring and managing the rotation schedule and lifecycle policies within Secrets Manager.

Step-by-Step Guide for Remediation

To ensure compliance with the rotation schedule recommended by NIST 800-53 Revision 5 for Secrets Manager secrets, follow these steps:

  1. Access Secrets Manager: Log in to the AWS Management Console or use the AWS CLI to access the Secrets Manager service.

  2. Review Existing Secrets: Identify the secrets stored in Secrets Manager that require rotation based on the NIST 800-53 Revision 5 guidelines.

  3. Configure Rotation Schedule: For each identified secret, configure the rotation schedule according to the recommended frequency specified in the NIST guidelines. Set the rotation period accordingly.

  4. Review and Adjust Lifecycle Policy: Check the existing lifecycle policy for secrets in Secrets Manager and ensure that it enables automatic rotation based on defined criteria, such as time or usage limits. Adjust the policy if necessary.

  5. Test Rotation: Perform a test rotation for a sample secret to verify that the rotation process is functioning correctly. Monitor the rotation process and ensure that the secret is successfully rotated without any errors.

  6. Monitor and Evaluate: Regularly monitor and evaluate the rotation process, ensuring that all required secrets are being rotated as per the defined schedule. Review any issues or errors reported and take appropriate actions for remediation.

Following these steps will ensure that secrets stored in Secrets Manager are regularly rotated in accordance with the NIST 800-53 Revision 5 guidelines, enhancing the security posture of the organization.
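The review and monitoring steps above can be scripted. The following is an added example, not code from this page or from the product it describes: it classifies secrets whose fields follow the shape of a Secrets Manager ListSecrets response (RotationEnabled, RotationRules, LastRotatedDate, NextRotationDate). The secret names and dates are constructed sample data, and the "overdue" logic is an assumption about how the schedule is evaluated.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def rotation_status(secret, now):
    """Classify one ListSecrets-style entry as (status, reason)."""
    if not secret.get("RotationEnabled"):
        return "NON_COMPLIANT", "rotation not enabled"
    # Prefer the service-computed deadline when the entry carries one
    # (this also covers secrets scheduled with a ScheduleExpression).
    due = secret.get("NextRotationDate")
    if due is None:
        days = secret.get("RotationRules", {}).get("AutomaticallyAfterDays")
        # A secret that has never rotated is measured from its creation date.
        start = secret.get("LastRotatedDate") or secret.get("CreatedDate")
        if days is None or start is None:
            return "UNKNOWN", "not enough schedule data to evaluate"
        due = start + timedelta(days=days)
    if due < now:
        return "NON_COMPLIANT", f"rotation overdue since {due:%Y-%m-%d}"
    return "COMPLIANT", f"next rotation due {due:%Y-%m-%d}"

def audit(secrets, now=None):
    """Map each secret name to its (status, reason) pair."""
    now = now or datetime.now(UTC)
    return {s["Name"]: rotation_status(s, now) for s in secrets}

# Constructed sample entries (hypothetical names and dates).
SAMPLE = [
    {"Name": "prod/db/app", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": datetime(2024, 5, 20, tzinfo=UTC)},
    {"Name": "prod/api/partner-key", "RotationEnabled": True,
     "RotationRules": {"AutomaticallyAfterDays": 30},
     "LastRotatedDate": datetime(2024, 3, 1, tzinfo=UTC)},
    {"Name": "legacy/smtp", "RotationEnabled": False,
     "CreatedDate": datetime(2022, 1, 10, tzinfo=UTC)},
    {"Name": "prod/cache/token", "RotationEnabled": True,
     "RotationRules": {"ScheduleExpression": "rate(10 days)"},
     "NextRotationDate": datetime(2024, 6, 8, tzinfo=UTC)},
]

if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=UTC)  # fixed date for repeatable output
    for name, (status, reason) in audit(SAMPLE, as_of).items():
        print(f"{status:14} {name:22} {reason}")
```

To run it against a live account, pass the entries returned by a ListSecrets call in place of SAMPLE.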
