---
names: 
  full: "Google KMS Crypto Key is not rotated every 90 days"
  contextual: "Crypto Key is not rotated every 90 days"
description: "Google Cloud Key Management Service stores cryptographic keys in a hierarchical \
 structure designed for useful and elegant access control management. \
 The format for the rotation schedule depends on the client library that is used. For the \
 gcloud command-line tool, the next rotation time must be in ISO or RFC3339 format, and \
 the rotation period must be in the form INTEGER[UNIT], where units can be one of \
 seconds (s), minutes (m), hours (h) or days (d)."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
frameworkMappings:
  - /frameworks/cis-gcp-v4.0.0/01/10
  - /frameworks/cloudaware/secret-and-certificate-governance/expiration-management
similarPolicies:
  cloudConformity:
    - url: "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/gcp/CloudKMS/rotate-kms-encryption-keys.html"
      name: "Rotate Google Cloud KMS Keys"