💼 Expiration Management
- Contextual name: 💼 Expiration Management
- ID: /frameworks/cloudaware/secret-and-certificate-governance/expiration-management
- Located in: 💼 Secret & Certificate Governance
Description
Policies for identifying resources that do not implement expiration and rotation management procedures for keys, secrets, and certificates.
Policies (12)
Policy | Logic Count | Flags |
---|---|---|
AWS ACM Certificate expires in the next 7 days 🟢 | 1 | 🟢 x6 |
AWS ACM Certificate Expired 🟢 | 1 | 🟢 x6 |
AWS IAM Server Certificate is expired 🟢 | 1 | 🟢 x6 |
AWS KMS Symmetric CMK Rotation is not enabled 🟢 | 1 | 🟢 x6 |
Azure Key Vault Automatic Key Rotation is not enabled 🟠🟢 | 1 | 🟠 x1, 🟢 x5 |
Azure Non-RBAC Key Vault stores Keys without expiration date 🟢 | 1 | 🟢 x6 |
Azure Non-RBAC Key Vault stores Secrets without expiration date 🟢 | 1 | 🟢 x6 |
Azure RBAC Key Vault stores Keys without expiration date 🟢 | 1 | 🟢 x6 |
Azure RBAC Key Vault stores Secrets without expiration date 🟢 | 1 | 🟢 x6 |
Google API Key is not rotated every 90 days 🟢 | 1 | 🟢 x6 |
Google IAM Service Account User-Managed Key is not rotated every 90 days 🟢 | 1 | 🟢 x6 |
Google KMS Crypto Key is not rotated every 90 days 🟢 | 1 | 🟢 x6 |