Rule: ACM Certificates Expiry Within 30 Days

This rule states that ACM certificates must be set to expire within 30 days for compliance.

Rule: ACM certificates should be set to expire within 30 days

Framework: RBI Cyber Security Framework

Severity: Medium

ACM Certificate Expiry Rule for RBI Cyber Security Framework

Rule Description:

As per the RBI (Reserve Bank of India) Cyber Security Framework, it is required that ACM (AWS Certificate Manager) certificates should have an expiry set within 30 days. This rule ensures that the certificates used by applications and services hosted on AWS are regularly renewed and remain in compliance with RBI regulations.

Troubleshooting Steps:

If you encounter any issues related to the ACM certificate expiry rule, follow these troubleshooting steps:

  1. Verify the expiration date of the ACM certificate by checking the certificate details in the AWS Management Console.

  2. Ensure that the certificate has not already expired. If it has expired, you must renew or replace it immediately.

  3. Check if the automatic renewal feature is enabled for the ACM certificate. If not, consider enabling it to ensure that certificates are automatically renewed before expiration.

  4. Review the ACM certificate acquisition process to ensure that certificates are obtained with the correct expiration date within the 30-day limit.

  5. If the certificate is not automatically renewed, check if any error messages or warnings are displayed in the AWS CloudWatch Logs or ACM Logs. Investigate and resolve any issues indicated by the logs.

Necessary Code:

There is no specific code required for this rule; however, you may need to use AWS CLI commands for checking and managing ACM certificates. The following section provides step-by-step instructions for remediating certificate expiration using AWS CLI commands.

Certificate Expiry Remediation Process:

Follow this step-by-step guide to remediate the ACM certificate expiry issue using AWS CLI commands:

  1. Install AWS CLI (Command Line Interface) on your local machine if it is not already installed.

  2. Open the command prompt or terminal and configure AWS CLI with your AWS account credentials. You can use the following command:

     $ aws configure

  3. Once AWS CLI is configured, check the list of ACM certificates associated with your account using the following command:

     $ aws acm list-certificates

  4. Identify the ACM certificate that requires renewal within 30 days based on the expiration dates listed.

  5. To renew the certificate, use the following command:

     $ aws acm renew-certificate --certificate-arn <certificate_arn>

     Replace <certificate_arn> with the ARN (Amazon Resource Name) of the certificate you want to renew.

  6. Follow any additional instructions provided by the AWS CLI to complete the certificate renewal process.

  7. After successfully renewing the certificate, verify the new expiration date using the ACM console or the CLI command mentioned in step 3.

  8. Monitor the certificate's expiry date going forward, and ensure that you set up appropriate alerts or notifications to be informed about any upcoming expirations.

  9. Repeat these steps for any other ACM certificates that require renewal within 30 days.

By following this step-by-step guide and utilizing the AWS CLI commands, you can effectively remediate the ACM certificate expiry issue to comply with the RBI Cyber Security Framework.
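The "identify the certificates that require renewal within 30 days" step can be made repeatable by classifying the JSON that the list-certificates command returns. The following is an added example, not part of the original page or of any vendor tooling. It assumes the CertificateSummaryList, CertificateArn and NotAfter fields of the ACM ListCertificates response; the sample listing, ARNs and fixed clock are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws acm list-certificates --output json`.
# ARNs, domains and dates are made up for illustration.
SAMPLE = json.loads("""
{"CertificateSummaryList": [
  {"CertificateArn": "arn:aws:acm:ap-south-1:111122223333:certificate/example-a",
   "DomainName": "pay.example.com", "Status": "ISSUED", "Type": "AMAZON_ISSUED",
   "NotAfter": "2024-06-20T23:59:59+00:00"},
  {"CertificateArn": "arn:aws:acm:ap-south-1:111122223333:certificate/example-b",
   "DomainName": "api.example.com", "Status": "ISSUED", "Type": "IMPORTED",
   "NotAfter": 1718000000.0},
  {"CertificateArn": "arn:aws:acm:ap-south-1:111122223333:certificate/example-c",
   "DomainName": "old.example.com", "Status": "EXPIRED", "Type": "IMPORTED",
   "NotAfter": "2024-05-01T00:00:00+00:00"},
  {"CertificateArn": "arn:aws:acm:ap-south-1:111122223333:certificate/example-d",
   "DomainName": "www.example.com", "Status": "ISSUED", "Type": "AMAZON_ISSUED",
   "NotAfter": "2025-01-15T00:00:00+00:00"},
  {"CertificateArn": "arn:aws:acm:ap-south-1:111122223333:certificate/example-e",
   "DomainName": "new.example.com", "Status": "PENDING_VALIDATION", "Type": "AMAZON_ISSUED"}
]}
""")

def parse_not_after(value):
    """NotAfter arrives as an ISO 8601 string or as epoch seconds, depending on CLI settings."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)  # treat naive as UTC

def classify(listing, now, window_days=30):
    """Return {arn: 'expired' | 'expiring' | 'ok' | 'no-expiry-date'}."""
    cutoff = now + timedelta(days=window_days)
    result = {}
    for cert in listing.get("CertificateSummaryList", []):
        not_after = cert.get("NotAfter")
        if not_after is None:  # e.g. a certificate still pending validation
            state = "no-expiry-date"
        else:
            expiry = parse_not_after(not_after)
            state = "expired" if expiry <= now else "expiring" if expiry <= cutoff else "ok"
        result[cert["CertificateArn"]] = state
    return result

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the constructed sample
    for arn, state in classify(SAMPLE, now).items():
        print(f"{state:15} {arn}")
```

To run it against a real account, save the output of `aws acm list-certificates --output json` to a file, load it with `json.load`, and pass `datetime.now(timezone.utc)` as the clock.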

Note: It is recommended to regularly review and update the ACM certificate expiry settings to align with any changes in the RBI's regulations or guidelines related to cybersecurity.
