Skip to main content

💼 Expiration Management

Contextual name: 💼 Expiration Management
ID: /frameworks/cloudaware/secret-and-certificate-governance/expiration-management
Located in: 💼 Secret & Certificate Governance

Description

Policies for identifying resources that do not implement expiration and rotation management procedures for keys, secrets, and certificates.

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (12)

Policy	Logic Count	Flags
📝 AWS ACM Certificate expires in the next 7 days 🟢	1	🟢 x6
📝 AWS ACM Certificate Expired 🟢	1	🟢 x6
📝 AWS IAM Server Certificate is expired 🟢	1	🟢 x6
📝 AWS KMS Symmetric CMK Rotation is not enabled 🟢	1	🟢 x6
📝 Azure Key Vault Automatic Key Rotation is not enabled 🟢	1	🟢 x6
📝 Azure Non-RBAC Key Vault stores Keys without expiration date 🟢	1	🟢 x6
📝 Azure Non-RBAC Key Vault stores Secrets without expiration date 🟢	1	🟢 x6
📝 Azure RBAC Key Vault stores Keys without expiration date 🟢	1	🟢 x6
📝 Azure RBAC Key Vault stores Secrets without expiration date 🟢	1	🟢 x6
📝 Google API Key is not rotated every 90 days 🟢	1	🟢 x6
📝 Google IAM Service Account User-Managed Key is not rotated every 90 days 🟢	1	🟢 x6
📝 Google KMS Crypto Key is not rotated every 90 days 🟢	1	🟢 x6

Description
Similar
Sub Sections
Policies (12)