
Rotate Secrets Manager Secrets Rule

Ensure rotation of Secrets Manager secrets as per the schedule to enhance security.

Rule: Secrets Manager secrets should be rotated as per the rotation schedule
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity
Critical

Rule Description

The rule requires that every AWS Secrets Manager secret has automatic rotation enabled and is actually rotated on the schedule configured for it (the rotation rule attached to the secret). NIST CSF v1.1 does not itself prescribe a rotation interval; it requires that credentials be managed over their whole lifecycle (PR.AC-1), and the concrete interval comes from your organisation's policy and is enforced through the secret's rotation configuration. Regular rotation bounds how long a leaked or stolen credential remains usable, which limits the window for unauthorized access by an attacker who obtains it.

Troubleshooting Steps

If secrets are not rotating on the configured schedule, work through the steps below:

  1. Verify the rotation schedule: Check the rotation rule attached to the secret (the interval in days or the schedule expression). Make sure it matches the interval your organisation's policy sets for that class of secret; NIST CSF v1.1 gives no number, so the policy value is the benchmark.

  2. Review secret properties: Check the properties of the secret in AWS Secrets Manager. Confirm that automatic rotation is enabled and that a rotation Lambda function is attached; a secret with rotation enabled but no rotation function never rotates.

  3. Check permissions: Validate the permissions of the rotation Lambda function. Its execution role must be allowed to call Secrets Manager on the secret (DescribeSecret, GetSecretValue, PutSecretValue, UpdateSecretVersionStage, and GetRandomPassword if it generates passwords), its resource-based policy must allow the Secrets Manager service principal to invoke it, and it must be able to reach the database or service whose credential it rotates (VPC and security group configuration). The principal that enables rotation also needs permission to call RotateSecret.

  4. Monitor rotation status: Watch the secret's last-rotated date and the rotation function's CloudWatch Logs. A secret version that still carries the AWSPENDING staging label after the rotation window has passed means a rotation started and did not finish; fix the cause and trigger the rotation again.

Necessary Codes

There are no rule-specific codes for this check. The rotation state of a secret is exposed by the Secrets Manager DescribeSecret API (RotationEnabled, RotationRules, RotationLambdaARN, LastRotatedDate, and the staging labels on each version), and rotation is enabled or triggered through RotateSecret, so both the check and the fix can be automated with the AWS CLI or an AWS SDK.

Step-by-step Guide for Remediation

To remediate and bring secrets onto the required rotation schedule, follow the guide below:

  1. Identify relevant secrets: Determine which secrets in AWS Secrets Manager require rotation. Any secret whose value can be changed without redeploying its consumers (database credentials, API keys, service passwords) is a candidate.

  2. Define a rotation schedule: Set a rotation interval for each secret based on your organisation's policy and the sensitivity of the credential. NIST CSF v1.1 asks that credentials be managed over their lifecycle but does not prescribe an interval.

  3. Enable automatic rotation: Configure automatic rotation for the secrets in AWS Secrets Manager. Rotation is performed by a Lambda function; for supported database engines Secrets Manager can create one for you, otherwise you supply your own. In the console:

    • Open the AWS Secrets Manager console.
    • Select the desired secret.
    • Choose the "Rotation" tab.
    • Click on "Edit rotation".
    • Enable automatic rotation, select or create the rotation function, and set the rotation schedule to the interval defined in step 2.
    • Save the changes.

  4. Test the rotation process: Validate the rotation by triggering a manual rotation (or choosing to rotate immediately when enabling it) and confirming that the new secret version receives the AWSCURRENT label, the old one becomes AWSPREVIOUS, and the consuming application still authenticates with the new value.

  5. Monitor and respond to rotation failures: Regularly check the last-rotated date of each secret and the logs of the rotation function. If a secret fails to rotate or a version is left with the AWSPENDING label, investigate the cause (usually permissions or network reachability) and fix it promptly.

  6. Update documentation: Record which secrets rotate, their rotation function, and their interval, and keep the record current as secrets are added or retired.

By following the guide above, you can ensure that Secrets Manager secrets are rotated reliably on the schedule your policy requires and that failed rotations are caught instead of silently leaving stale credentials in place.
