Rule: ACM Certificates Should Expire Within 30 Days

This rule ensures that ACM certificates expire within 30 days for optimal security and compliance.

Rule: ACM certificates should be set to expire within 30 days
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

ACM (Amazon Certificate Manager) certificates should be set to expire within 30 days to ensure compliance with the NIST 800-53 Revision 5 security standards. This rule helps to minimize the risk of using expired certificates and maintain the security of the system.

Troubleshooting Steps

If the ACM certificates are not set to expire within 30 days, it may indicate a potential security vulnerability. Troubleshooting steps can include:

  1. Check the expiration date of the current ACM certificates.
  2. Verify if any certificates have expired or are set to expire beyond 30 days.
  3. Ensure that the ACM certificates are regularly renewed or replaced before they expire.
  4. Identify any potential configuration issues or misconfigurations causing the certificates to exceed the 30-day limit.
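
The first two checks above can be scripted. The following is an added example, not code from the original page: it sorts certificates into expired, within the 30-day window, beyond it, or without an expiry date, using a constructed sample in the shape of ACM certificate summaries (as returned by `aws acm list-certificates`). The ARNs, domains, dates and function names are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample (not real data) shaped like ACM certificate summaries.
SAMPLE = json.loads("""
{"CertificateSummaryList": [
  {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-a",
   "DomainName": "a.example.com", "Status": "ISSUED",
   "NotAfter": "2024-06-10T23:59:59+00:00"},
  {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-b",
   "DomainName": "b.example.com", "Status": "ISSUED",
   "NotAfter": "2024-09-01T23:59:59Z"},
  {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-c",
   "DomainName": "c.example.com", "Status": "EXPIRED",
   "NotAfter": 1714521600},
  {"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/example-d",
   "DomainName": "d.example.com", "Status": "PENDING_VALIDATION"}
]}
""")

def parse_not_after(value):
    """Accept an ISO 8601 string or an epoch number; return an aware UTC datetime."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def bucket_by_expiry(listing, now, window_days=30):
    """Group (domain, whole days left) pairs by where the expiry date falls."""
    buckets = {"expired": [], "within_window": [], "beyond_window": [], "no_expiry": []}
    for cert in listing.get("CertificateSummaryList", []):
        raw = cert.get("NotAfter")
        if raw is None:  # certificates that were never issued carry no expiry date
            buckets["no_expiry"].append((cert["DomainName"], None))
            continue
        remaining = parse_not_after(raw) - now
        if remaining < timedelta(0):
            key = "expired"
        elif remaining <= timedelta(days=window_days):
            key = "within_window"
        else:
            key = "beyond_window"
        buckets[key].append((cert["DomainName"], remaining.days))
    return buckets

if __name__ == "__main__":
    report = bucket_by_expiry(SAMPLE, datetime(2024, 6, 1, tzinfo=timezone.utc))
    for name, certs in report.items():
        print(name, certs)
```

In practice, replace `SAMPLE` with the parsed JSON from your own account and pass `datetime.now(timezone.utc)` as `now`.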

Necessary Codes

No specific codes are required for this rule. Compliance with the NIST 800-53 Revision 5 standard can be achieved by configuring the expiration settings correctly within the ACM interface.

Step-by-Step Guide for Remediation

To configure ACM certificates to expire within 30 days, follow these steps:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon Certificate Manager (ACM) service.
  3. Click on "Certificates" in the left-hand menu.
  4. Review the list of certificates and identify the ones that are not set to expire within 30 days.
  5. Select the certificate(s) that need to be modified by checking the corresponding checkboxes.
  6. Click on the "Actions" dropdown menu and select "Update certificate".
  7. In the "Renewal period" field, enter "30" to set the certificate renewal period to 30 days.
  8. Click on the "Update" button to save the changes.
  9. Verify that the updated certificate(s) now show the correct expiration date within 30 days.
  10. Repeat the process for any additional ACM certificates that do not meet the 30-day expiration requirement.

By following these steps, the ACM certificates will be correctly configured to expire within 30 days, ensuring compliance with the NIST 800-53 Revision 5 standard. Regular monitoring and renewal of certificates are recommended to maintain ongoing compliance.
