---
names:
  full: "AWS Secrets Manager Secret has not been rotated within the last 90 days"
  contextual: "Secret has not been rotated within the last 90 days"
description: >
  Ensure that AWS Secrets Manager secret values without automatic rotation
  enabled are rotated at least once every 90 days to reduce the exposure window
  for long-lived credentials.
type: "COMPLIANCE_POLICY"
categories:
  - "SECURITY"
frameworkMappings:
  - "/frameworks/cloudaware/secret-and-certificate-governance/expiration-management"
  - "/frameworks/aws-fsbp-v1.0.0/secrets-manager/04"
similarPolicies:
  awsSecurityHub:
    - name: "[SecretsManager.4] Secrets Manager secrets should be rotated within a specified number of days"
      url: "https://docs.aws.amazon.com/securityhub/latest/userguide/secretsmanager-controls.html#secretsmanager-4"