SEC09-BP01 Implement secure key and certificate management
Store encryption keys and certificates securely and rotate them at appropriate time intervals with strict access control. The best way to accomplish this is to use a managed service, such as AWS Certificate Manager (ACM).
Level of risk exposed if this best practice is not established: High
Implementation guidance
- Implement secure key and certificate management: Implement your defined secure key and certificate management solution.
- Implement secure protocols: Use secure protocols that offer authentication and confidentiality, such as Transport Layer Security (TLS) or IPsec, to reduce the risk of data tampering or loss. Check the AWS documentation for the protocols and security relevant to the services that you are using.
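The rotation guidance above can be checked with a small audit over certificate records. The following is an added example, not AWS-provided code: it uses field names from the ACM DescribeCertificate response, and the 30-day window, the function name, and the sample records (including the ARNs) are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: a 30-day window; pick the interval your own policy defines.
RENEWAL_WINDOW = timedelta(days=30)

def audit_certificates(certs, now, window=RENEWAL_WINDOW):
    """Return (arn, finding) pairs for certificates that need operator action.

    Records use ACM DescribeCertificate field names: CertificateArn, Type,
    Status, NotAfter, RenewalEligibility.
    """
    findings = []
    for cert in certs:
        arn = cert["CertificateArn"]
        if cert["Status"] != "ISSUED":
            findings.append((arn, "not in ISSUED state: " + cert["Status"]))
            continue
        if cert["NotAfter"] - now > window:
            continue  # outside the rotation window, nothing to do yet
        # ACM does not renew imported certificates; rotating them is manual.
        managed = (cert["Type"] != "IMPORTED"
                   and cert.get("RenewalEligibility") == "ELIGIBLE")
        if managed:
            findings.append((arn, "expires within window; managed renewal has not completed"))
        else:
            findings.append((arn, "expires within window; manual rotation required"))
    return findings

# Constructed sample records (not real certificates or accounts).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
PREFIX = "arn:aws:acm:us-east-1:111122223333:certificate/"
SAMPLE_CERTS = [
    {"CertificateArn": PREFIX + "example-a", "Type": "AMAZON_ISSUED", "Status": "ISSUED",
     "NotAfter": datetime(2024, 9, 1, tzinfo=timezone.utc), "RenewalEligibility": "ELIGIBLE"},
    {"CertificateArn": PREFIX + "example-b", "Type": "IMPORTED", "Status": "ISSUED",
     "NotAfter": datetime(2024, 1, 15, tzinfo=timezone.utc), "RenewalEligibility": "INELIGIBLE"},
    {"CertificateArn": PREFIX + "example-c", "Type": "AMAZON_ISSUED", "Status": "ISSUED",
     "NotAfter": datetime(2024, 1, 20, tzinfo=timezone.utc), "RenewalEligibility": "ELIGIBLE"},
    {"CertificateArn": PREFIX + "example-d", "Type": "IMPORTED", "Status": "EXPIRED",
     "NotAfter": datetime(2023, 12, 1, tzinfo=timezone.utc), "RenewalEligibility": "INELIGIBLE"},
]

if __name__ == "__main__":
    for arn, finding in audit_certificates(SAMPLE_CERTS, NOW):
        print(arn, "->", finding)
```

In practice the records would come from the ACM API rather than an inline list, and the findings would feed an alert or ticket.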
Resources
Related documents: