πΌ Cryptographic Configuration
- Contextual name: πΌ Cryptographic Configuration
- ID:
/frameworks/cloudaware/secret-and-certificate-governance/cryptographic-configuration - Located in: πΌ Secret & Certificate Governance
Descriptionβ
Policies for identifying resources that do not adhere to configuration best practices for keys/secrets/certificates.
Similarβ
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (8)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS ACM Certificate with Wildcard Domain Name π’ | 1 | π’ x6 |
| π AWS ACM RSA Certificate key length is less than 2048 bits π’ | 1 | π’ x6 |
| π AWS CloudTrail Disable CMK or Schedule CMK Deletion Events Monitoring is not enabled π’ | π’ x3 | |
| π Google API Key is not restricted for unspecified hosts and apps π’ | π’ x3 | |
| π Google API Key is not restricted for unused APIs π’ | 1 | π’ x6 |
| π Google Cloud DNS Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 π’ | 1 | π’ x6 |
| π Google Cloud DNS Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 π’ | 1 | π’ x6 |
| π Google Project has API Keys π’ | 1 | π x1, π’ x5 |