💼 Expiration Management
- ID:
/frameworks/cloudaware/secret-and-certificate-governance/expiration-management
Description
Policies for identifying resources that do not implement expiration and rotation management procedures for keys, secrets, and certificates.
Similar
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (13)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS ACM Certificate expires in the next 7 days🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS ACM Certificate Expired🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS IAM Server Certificate is expired🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS KMS Symmetric CMK Rotation is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Secrets Manager Secret Automatic Rotation is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Automatic Key Rotation is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Non-RBAC Key Vault stores Keys without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Non-RBAC Key Vault stores Secrets without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure RBAC Key Vault stores Keys without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure RBAC Key Vault stores Secrets without expiration date🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google API Key is not rotated every 90 days🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google IAM Service Account User-Managed Key is not rotated every 90 days🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google KMS Crypto Key is not rotated every 90 days🟢 | 1 | 🟢 x6 | no data |