089 – Limit validity of certificates

Summary

The organization must not use digital certificates with a validity of more than two years.

Description

Certificate validity is tied to the lifecycle of cryptographic keys. Limiting the validity period encourages regular key rotation, which is essential for maintaining the security of cryptographic systems. Regularly updating keys and certificates helps to stay ahead of emerging threats.

Supported In

Advanced: True

References

• CWE-295. Improper certificate validation
• CWE-298. Improper validation of certificate expiration
• CWE-299. Improper check for certificate revocation
• PTES-7_4_2_7. Post exploitation - Pillaging (certificate authority)
• BSAFSS-EN_3-2. Software protects and validates encryption keys
• SIG-I_3_2_4_2. Application security
• CASA-9_2_4. Server Communication Security

Weaknesses

• 163 – Insecure digital certificates
• 167 – Insecure service configuration - Wireless Certificates
• 348 – Insecure digital certificates - Lifespan
• 350 – Insecure digital certificates - Chain of trust

Last updated

2024/01/18