
CCC.Core.CN13: Minimize Lifetime of Encryption and Authentication Certificates

Control ID: CCC.Core.CN13
Title: Minimize Lifetime of Encryption and Authentication Certificates
Objective: Ensure that encryption and authentication certificates have a limited lifetime to reduce the risk of compromise and ensure the use of up-to-date security practices.
Control Family: Data

Related Threats

| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
| --- | --- | --- | --- | --- | --- |
| CCC.Core.TH18 | Encryption Key is Misused | Encryption keys may be used by an unauthorized entity due to inadequate key management practices or the compromise of a connected system. This could lead to the decryption of sensitive data, impacting its confidentiality and integrity. | 1 | 1 | 0 |

Related Capabilities

| ID | Title | Description |
| --- | --- | --- |
| CCC.Core.CP01 | Encryption in Transit Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to transmission via a network interface. |
| CCC.Core.CP02 | Encryption at Rest Enabled by Default | The service automatically encrypts all data using industry-standard cryptographic protocols prior to being written to a storage medium. |

Assessment Requirements

| ID | Description | Applicability |
| --- | --- | --- |
| CCC.Core.CN13.AR01 | When a port is exposed that uses certificate-based encryption, the service MUST only use valid, unexpired certificates issued by a trusted certificate authority. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.Core.CN13.AR02 | When a port is exposed that uses certificate-based encryption, the service MUST rotate active certificates within 180 days of issuance. | tlp-amber |
| CCC.Core.CN13.AR03 | When a port is exposed that uses certificate-based encryption, the service MUST rotate active certificates within 90 days of issuance. | tlp-red |
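
One way to evaluate the assessment requirements above against a served certificate, as an added example that is not part of the control catalog itself. The function name `assess_cn13`, the sample certificate and the reading of "rotate within N days of issuance" as a maximum certificate age are assumptions; the input is a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()` after a handshake that verified the chain against trusted CAs.

```python
import ssl
from datetime import datetime, timedelta, timezone

AR01, AR02, AR03 = (f"CCC.Core.CN13.AR0{n}" for n in (1, 2, 3))
# Applicability and limits as listed under Assessment Requirements.
ALL_TLP = {"tlp-clear", "tlp-green", "tlp-amber", "tlp-red"}
MAX_AGE = {AR02: ({"tlp-amber"}, timedelta(days=180)),
           AR03: ({"tlp-red"}, timedelta(days=90))}

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2025 GMT",
               "notAfter": "Jan  1 00:00:00 2026 GMT"}
SAMPLE_NOW = datetime(2025, 5, 1, tzinfo=timezone.utc)  # constructed: day 120


def cert_time(value):
    """Parse the certificate time format used by getpeercert() into aware UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def assess_cn13(peer_cert, tlp, now):
    """Map each requirement applicable to `tlp` to True (met) or False (not met)."""
    if tlp not in ALL_TLP:
        raise ValueError(f"unknown TLP level: {tlp}")
    applicable = [AR01] + [req for req, (levels, _) in MAX_AGE.items() if tlp in levels]
    if not peer_cert:
        # getpeercert() returns an empty dict when the peer certificate was not
        # validated, so nothing about it can be trusted: fail every requirement.
        return {req: False for req in applicable}
    issued = cert_time(peer_cert["notBefore"])
    expires = cert_time(peer_cert["notAfter"])
    # The trusted-CA part of AR01 is enforced by the verifying handshake that
    # produced peer_cert; here we check the validity window.
    results = {AR01: issued <= now <= expires}
    for req in applicable[1:]:
        # Assumption: "rotate within N days of issuance" means a certificate
        # still being served must be no older than N days.
        results[req] = now - issued <= MAX_AGE[req][1]
    return results


if __name__ == "__main__":
    for level in sorted(ALL_TLP):
        print(level, assess_cn13(SAMPLE_CERT, level, SAMPLE_NOW))
```
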