Amazon ACM
š Removing expired SSL/TLS certificates from AWS IAM is crucial to maintain security and prevent potential vulnerabilities. Expired certificates can lead to denial of service and other security issues, emphasizing the need for regular certificate management and updates.
- Section: SSL / TLS
- Severity: High
- CWE: CWE-16 Misconfiguration
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Denial of Service
- Rule Set: Rapticore Benchmark
š Validating all requests during the SSL/TLS certificate issuance or renewal process is vital for security. This step ensures the authenticity and integrity of the certificates, safeguarding against misuse and potential security breaches.
- Section: SSL / TLS
- Severity: High
- CWE: CWE-16 Misconfiguration
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Denial of Service
- Rule Set: Rapticore Benchmark
š Proactively renewing SSL/TLS certificates managed by AWS ACM before their expiration enhances security and prevents service interruptions. Timely renewal, ideally 7 days before expiration, is crucial for continuous protection and trust.
- Section: SSL / TLS
- Severity: High
- CWE: CWE-298 Improper Validation of Certificate Expiration
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Information Disclosure, Tampering
- Rule Set: Rapticore Benchmark
š Renewing SSL/TLS certificates managed by AWS ACM 30 days before expiry is a best practice for maintaining secure communications. This early renewal helps to avoid potential risks associated with expired certificates, ensuring continuous security and trust.
- Section: SSL / TLS
- Severity: High
- CWE: CWE-298 Improper Validation of Certificate Expiration
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Information Disclosure, Tampering
- Rule Set: Rapticore Benchmark
š Using ACM single domain name certificates instead of wildcard certificates in AWS accounts is a security measure to reduce risks. This practice ensures tighter control and reduces the potential impact of a compromised certificate.
- Section: SSL / TLS
- Severity: High
- CWE: CWE-16 Misconfiguration
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Information Disclosure, Tampering
- Rule Set: Rapticore Benchmark
Updated about 1 year ago